<<< Date Index >>>     <<< Thread Index >>>

[IP] Government and tech industry release security recommendations




September 23, 2003
Government Executive
Government and tech industry release security recommendations
By Shane Harris
<mailto:sharris@xxxxxxxxxxx>sharris@xxxxxxxxxxx

Five federal agencies, a nonprofit Internet security group and one of the nations largest software manufacturers have issued recommendations for making one of the most popular software programs in the government more secure. The move, announced at a press conference in Washington Tuesday, marks a watershed between the government and the technology industry, officials said. Oracle Corp., the giant database software maker that counts the federal government as its largest single customer, has agreed to deliver a new version of its product to the Energy Department that has more than 250 specific security enhancements. Those modifications have been packaged in a <http://www.cisecurity.org/bench.html>benchmark documentthat is being published on the Internet, so that other federal agencies can take advantage of it. Its unclear how many agencies will avail themselves of the security recommendations, since implementing them could take considerable time and effort. Karen Evans, Energys chief information officer and a driving force behind the deal with Oracle, noted that the lengthy process of making security changes to commercial software was one of the reasons her department sought concessions from the company before the product was delivered. The Energy Department deal conforms to an Office of Management and Budget mandate to use the federal governments significant purchasing power to gain concessions and special arrangements from technology contractors. The government is the single largest purchaser of information technology goods and services in the United States. The Center for Internet Security, which helped craft Oracles modifications, is also developing an automated tool that will scan a system and score it on how well it complies with the benchmarks. The tool is in the final stages of development, and the center will release it publicly when it is finished. Energy and Oracle reached their agreement in the summer, but neither side had publicly announced the deal or the release of the benchmark document before. Evans will have broader authority over procurement and security strategy when she takes over the position of e-government and technology chief at OMB next month. She replaces Mark Forman, the presidents first e-government administrator, who is taking a job in the private sector.

Oracle is delivering the more secure software as part of a two-phase licensing agreement with Energy. The first phase will cover the departments headquarters in Washington and is valued at $5 million, Evans said. The second phase, which Evans expects to be implemented in the next fiscal year, will provide the Oracle software to government and contract Energy locations across the country, she said.

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/