DHS gets risk management system in place

The Department of Homeland Security has transitioned to a new information assurance architecture manager that will allow it to more easily manage network risk across its multitude of operations.

The framework, Telos' Xacta IA Manager, allows enterprise-wide information assurance compliance, monitors and tracks access, creates plans of action and milestones, and controls assessments and ongoing authorizations.

"We have implemented common controls across the entire enterprise," said Richard Johnson, DHS's branch chief for technical implementation.

The deployment, which has been operational since September, includes all 22 department components.

The framework's continuous monitoring capabilities – the ability to identify and measure the security implications of planned and unscheduled changes to hardware and software, as well as the ability to weigh potential cyberthreats -- drew DHS to the solution, Johnson said. The system streamlines that process, allowing security scans to be ingested and linked to controls. Previously, scan information might have been sent back to a database and not acted on immediately.

Johnson said the Xacta tool will provide DHS with a portal for the Federal Risk and Authorization Management Program (FedRAMP), which is intended to save time and money for agencies moving data to shared server farms by eliminating the security-testing step.

FedRAMP is the federal government's risk and security assessment program for cloud-based services and was designed to make the assessment process more efficient by providing a "do once, use many times" framework.