Feds unite on security benchmarks
A group of high-level IT officials in the federal government has begun collaborating on configuration benchmarks that government agencies could be required to use in future purchases of hardware and software.
The development of the benchmarks is at once an indication of the growing importance of security in Washington and of the government's intention to use its purchasing power as an agent of change inside the Beltway and in the vendor community.
"Yes, I believe the government is getting better at this," said Alan Paller, research director at The SANS Institute, based in Bethesda, Md., who has spoken with many of the federal CIOs involved in this effort. "This doesn't solve the entire problem, but it helps going forward. I believe a great deal of money was thrown away on reports that could've been spent on solving the problem."
The move comes at a time of heavy criticism of the government's security efforts, much of it tied to last week's release of an annual report card from the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census on the security of federal agencies' networks.
[ Read more ]