thePipeline

Obey the rules

Complying with regulations can be tricky enough to turn you into a rebel with a pretty good cause, or so it seems sometimes. Some technology companies, seeing the wisdom of developing products for customers who have to comply with rules, are bringing new tools to market to help ease some of that regulatory burden.

Officials at Vista Technology Services Inc., for example, are developing a set of data-collection and analysis tools to aid agency officials in complying with Executive Order 13327, usually called by its catchier moniker EO13327. Sings, doesn't it?

The order pertains to managing property assets. It requires agencies to collect and use data to manage the 650 million acres of land and 3.5 billion square feet of building space that the government owns.

Agencies have not done well so far, according to Vista officials. And there's no official framework or guidelines that agency leaders can follow to be sure they're complying with the order, although some are on the way from the Office of Management and Budget, according to Vista's chief executive officer, David Baxa.

The company's product starts with tools to help customers assess and catalog their assets, he said.

"In order to do any kind of asset management, you have to understand what you have to start with," he said. "There are a number of agencies that have expressed concern that they need to get a good handle on what they have."

Vista officials approached the problem by building on the company's experience in managing the closure of military bases, which required careful tracking of assets, Baxa said.

The software tools will address three broad areas: the initial inventory, requirements analysis and decision support.

When President Bush issued the executive order earlier this year, Baxa said, Vista officials saw an opportunity.

"We were already doing work in facilities analysis," he said. "It's just a natural extension. We didn't set out this year to necessarily go in this direction, but with the issuance of an executive order, it seemed like a natural fit."

Meanwhile, officials at Lockdown Networks Inc. and Watchfire Corp. are releasing products aimed at agencies trying to comply with the Federal Information Security Management Act (FISMA), which requires certain security assessments and protections.

Lockdown is releasing Version 3.0 of its line of network appliances, including a new platform for Lockdown Auditor, said Rick Peterson, the company's director of federal sales.

From the agency perspective, he said, FISMA compliance is "a necessary evil, but [agencies ask themselves], 'How many resources do we assign to that, and what can we get away with? What do we actually have to do?'"

Lockdown's products make it easier for agencies to do the necessary reporting to show that they are complying with the law's requirements, he said.

The products evaluate security threats and risks. "We can give [agency officials] a real-time snapshot of where their security is" and generate reports that they can show OMB officials, he said.

Watchfire has introduced WebXM, AppScan and AppShield, which automate security processes, identify needed architecture updates, analyze all Web-related systems and servers that an agency controls, provide detailed recommendations to help plug vulnerabilities, identify risks and provide auditing, reporting and trending capabilities.

"It will assess your Web applications, looking for a variety of defects," said Steve Orrin, vice president of security and technology at Watchfire. "It's not FISMA-specific; [however,] it will test for all types of security vulnerabilities."