DISA discusses new STIG process

The recent approval of the Samsung Knox to be used on Defense Department networks reflected a paradigm shift in the Defense Information Systems Agency’s business processes, the agency said Friday.

The Knox was granted approval of Security Implementation Guides or STIGs even before it was commercially released, allowing DISA to get the device in the hands of DOD personnel as soon as it became available.

Previously, new technologies would enter the marketplace and the department would have to wait until DISA could develop a STIG, outlining required technical controls and settings, before they could be introduced and integrated into the enterprise.

Given the rate at which technology was turning over, usually every six to nine months, the department was continually behind.

“The Knox Android STIG was a highly successful effort demonstrating how industry and DOD can work together to create rigorous security guidance quickly, enabling DOD to benefit from new technology as soon as it is commercially available,” said Terry Sherald, chief of the information assurance standards branch and the architect behind developing and fostering the new process.

This new paradigm came about because Sherald’s team created a new process that enabled vendors to develop their own STIGs based on DOD Security Requirements Guides and submit full documentation to DISA for final validation.

While this new process is established for mobile devices, Sherald and her team plan to expand the effort to other technology areas as well, DISA said.

“For the mobility world, a new process was critical,” she said. “The market moves too fast, and this was the only way to meet the mobility needs. We knew that if we could partner with vendors from the start, in their development cycle, and provide them with our Security Requirements Guides, we could get out in front of the market and deliver leading-edge capabilities to the department as soon as the technologies are commercially available.”

According to DISA, the agency worked with Samsung and its partners to produce the STIG, a process that included constant communication with DISA and enabled Samsung developers to change the Knox code more rapidly to meet DOD requirements.

DISA plans to share general lessons learned from this effort to assist subsequent vendors writing STIGs, the agency said.

FedMentor: Chuck McGann

Chuck McGann, chief information security officer, Office of the CIO, U.S. Postal Service, shares career advice in this FedMentors interview for FedScoopTV.

Excerpt:

My first government job was in local law enforcement. I was a patrolman of a small town in central Massachusetts called the Brimfield Massachusetts Police Department. What I learned from that job was that you have to be able to read people; you have to be able to deal with people. Some of the things you learn on that job is that not everything is as it seems to be. What people may say is their issue is not necessarily their issue, so what you start to learn is to dig into the information you’re presented. Now that was first, and then I went on to be the Postal Service CISO and I came into Postal as an IT manager. I had a background in IT and I’ve always worked a couple of jobs at the same time – I was in local law enforcement and information technology. I came to the Postal Service, thinking, from the private sector to the public sector, I’m going to work with the best of the best. That wasn’t really the case – they were good, but some of the best people I’ve worked with were in the private sector. But as we’ve grown in the federal space, working in the postal space, we’ve grown better.

McAfee’s Mike Carpenter on cyber challenges

Mike Carpenter, president, North American sales, McAfee, discusses cybersecurity challenges in this interview with FedScoopTV.

On cyber challenges:

I think the largest cyber threat facing the government has to do with integration and communication. The one value the government has is, there’s this large concern and understanding of the threat. There’s a lot of technology investments being made and there’s a vast amount of expertise in dealing with cyber threats. However, being able to tie the information together and being able to tie the tools together, and being able to leverage these assets that exist in the intelligence community with the assets that exist in the defense community with the assets that exist in the civilian community poses a challenge. Although I think the resources are there, I think the biggest obstacle they’re going to have is being able to pull that information together and pull that vast set of assets together to help solve the problem.

FedMentor: Robert Palmer

Robert Palmer, director, information assurance, Department of Homeland Security, shares career advice in this FedMentors interview for FedScoopTV.

Excerpt:

My first government job was actually as a contractor supporting DOD in requirements analysis. What I learned from that, being grounded in requirements is important, and it really keeps you centered on the mission and what the actual necessities are associated with the mission. Especially in IT security, we have to ask ourselves quite often, why are we really doing this? What are the actual requirements that we’re trying to meet?

I actually started out as a teacher early in my career, and I feel like that skill or the development of that skill has helped me relate with people, understand how to motivate folks, which as you progress in your career becomes more and more valuable in understanding how to lead people through tasks, projects, et cetera.

You have to understand there is an eco-system around you to support you as a federal employee – everyone from the people that you may work for, that may work for you, the contractors and/or their products and services that support you as a fed – all of those folks are there to support the mission, and thus, your role in that mission.

FedPod: celebrating the Digital Government Strategy

The federal technology community celebrates the 1-year anniversary of the Digital Government Strategy, plus we preview FedTalks.

VanRoekel: Agencies have ‘permission slip to innovate’

The federal government has been given its “permission slip to innovate,” U.S. Chief Information Officer Steven VanRoekel said Thursday when discussing the 1-year anniversary of the Digital Government Strategy.

VanRoekel said the Digital Government Strategy and the recently released open data policy, along with the orders and memos accompanying them, give federal agencies the freedom to think outside the box and use innovation within the constructs of efficiency.

“People are expecting more digitally from their government,” VanRoekel said. “How do you take the fiscal pressures and the security issues, and bring all of that together to deliver a product? The only way is by being innovative.”

Along with serving as the first anniversary of the strategy, May 23 also marked the deadline for various key deliverables within the strategy. By today, federal agencies must have two completed application programming interfaces and a robust developer page on their website.

VanRoekel said the strategy has allowed the government to wake up and think about how it uses technology to solve the problems of the 21st century.

Of those, VanRoekel mentioned wanting 2013 to be the year the government does away with its monolithic thinking of the past.

“Before when government had a monolithic problem, it went to a monolithic vendor for a monolithic solution,” VanRoekel said. “The private sector has shown that this approach is no longer necessary and that technology can solve problems in a myriad of ways. When we look back in history – 10 to 15 years from now – I want people to see 2013 is when this stopped.”

VanRoekel highlighted four key results of the digital strategy:

Information centric

Over the past year, VanRoekel said, the government has significantly shifted how it thinks about digital information — treating data as a valuable national asset that should be open and available to the public, entrepreneurs and others, instead of keeping it trapped in federal systems.

Shared platform

The federal government and citizens cannot afford to have each agency build isolated and duplicative technology solutions, VanRoekel said. Instead, the government must use modern platforms for digital services that can be shared across agencies. One example is the new wireless service blanket purchase agreement the General Services Administration announced May 22.

Customer centric

VanRoekel said Americans shouldn’t have to struggle to access the information they need. To ensure citizens can easily find federal services, the government announced Thursday it has implemented a governmentwide Digital Analytics Program.

Security and privacy

Throughout these efforts, maintaining cybersecurity and protecting privacy have been paramount, VanRoekel said. He added that because mobile devices and wireless networks have unique security challenges, the government published the first comprehensive mobile and wireless security baseline to help agencies identify appropriate security solutions and share them.

FedScoop Guide: Digital Government Strategy turns 1

President Barack Obama and Todd Park, federal CTO (Photo: Pete Souza/White House)

The federal government celebrated the first anniversary of the Digital Government Strategy on Thursday, highlighting the initiatives and programs developed over the past year. To help make sense of the different projects, FedScoop has created a guide that sums up the progress following the release of the framework.

From the White House

U.S. Chief Information Officer Steven VanRoekel and U.S. Chief Technology Officer Todd Park trumpeted the major milestones of the strategy in this blog post that details some of the strategy’s success: creating an information-centric environment, establishing a shared platform, focusing on a customer-centric model, and security and privacy.

“In the end, the digital strategy is all about connecting people to government resources in useful ways,” the two wrote. “And by ‘connecting,’ we mean a two-way street. We are counting on the public — developers, entrepreneurs and innovators – to join us, and be a part of the process. Together, we will continue to modernize government to respond to 21st-century opportunities.”

From the CIO Council

The CIO Council was busy as well. On Thursday, it released a number of reports around the Digital Government Strategy.

Inside the projects

The White House updated the status of both the strategy’s milestones and its deliverables on separate web pages. The deliverables page also includes highlighted projects underneath the heading of the strategy’s main goals. There are also pages dedicated to the mobile services and APIs each agency created as part of the strategy.

For a look at the developer pages each agency constructed, there is a listing on data.gov. The General Services Administration also has a page updating each agency’s digital strategy pages.

Video

The Agriculture Department highlighted its work on the digital strategy in this video.

http://www.youtube.com/watch?v=o8Joz5Qc_OM&feature=em-uploademail

From the agencies

A number of federal agencies also highlighted their work in the digital strategy. Here are some links:

Hagel: DOD to purchase new EHR system

The Defense Department will seek a commercial solution for electronic health records instead of adopting the Veterans Affairs Department’s own Veterans Health Information Systems and Technology Architecture, otherwise known as VistA.

Defense Secretary Chuck Hagel officially announced May 22 DOD will pursue “a full and open competition for a core set of capabilities for healthcare management software modernization” following a 30-day review of the program.

“Our objective is to provide the best possible healthcare for our service members with continuous quality care,” Hagel said. “Our service members and veterans, and their families, expect and deserve a seamless system to administer the benefits they have earned. Secretary Shinseki and I will continue to work closely together to deliver on that promise.”

In the near term, DOD will continue coordinated efforts with VA to develop data federation, presentation and enhanced interoperability, Hagel said. This goal will be the first priority in this process, he added.

Hagel said while VA may have good reasons to adopt VistA for its EHR core, it was not a good fit for his department.

“A competitive process will allow DOD to consider commercial alternatives that may offer reduced cost, reduced schedule and technical risk, and access to increase current capability and future growth in capability by leveraging ongoing advances in the commercial marketplace,” he said.

He continued, “Approaching this challenge in this manner will ensure that DOD acquires the right healthcare IT to meet its requirements while ensuring interoperability with VA, that this acquisition is conducted in a manner that achieves the best value for America’s taxpayers, and that DOD invests in healthcare IT that is sustainable over the long term.”

Press briefing on the EHR announcement:

GSA wireless BPA could save government $300 million

The federal government is now one big family in the eyes of mobile wireless carriers.

The General Services Administration announced the awarding of a new governmentwide blanket purchase agreement that will allow the federal government to consolidate its wireless service plans and centralize management.

GSA said the agreements could bring approximately $300 million in savings over the next five years.

“By buying in bulk, we’re buying once and we’re buying well,” said GSA Acting Administrator Dan Tangherlini in a released statement. “This common-sense approach allows us to do what families and businesses across America do every day. We’re driving down costs, increasing efficiency and improving service and operations. These agreements give agencies the ability to pool minutes, order plans and devices more efficiently and have greater visibility into their purchases.”

Tangherlini, whom President Barack Obama announced his intent to nominate as the full-time GSA administrator, was joined by executives from AT&T, Sprint, T-Mobile and Verizon in making the announcement.

GSA said federal agencies spend an estimated $1.3 billion on wireless services and mobile devices annually.

The government, though, has had a fragmented approach to managing them, with the agencies handling more than 4,000 separate wireless agreements and 800 wireless plans.

Joe Jordan, administrator for federal procurement policy at the Office of Management and Budget, said: “This is an important day for our governmentwide strategic sourcing efforts. We applaud GSA’s work on this initiative, and look forward to working with agencies as they take advantage of these new and innovative agreements that will help save taxpayer dollars.”

Catching up with Vivek Kundra (AUDIO)

Former U.S. Chief Information Officer Vivek Kundra, now executive vice president of emerging markets at Salesforce.com, sat down with FedScoop Radio on Wednesday to discuss the latest in his career, the emergence of cloud computing in governments around the world and his outlook on the future of computing.