Magazine article Security Management

NSF Scores Well on Security

Article excerpt

Each year, the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census issues a "Federal Computer Security Report Card," grading how each agency protects its computer systems from malicious code and hackers. The results are typically poor. In 2002, the federal government as a whole received an F. In 2003, it earned a D.

A notable exception to the government's generally lackluster performance was the National Science Foundation (NSF), which improved to A- from D-. George Strawn, the NSF's chief information officer, says that the various tactics his organization used to strengthen its networks could be emulated by the private sector.

The NSF's first move was to look for weaknesses in the network by hiring consultants to run penetration tests. "The first time or two, they found some wide-open doors," says Strawn. "But now, it's to the point where they have trouble finding things to penetrate."

Another change at NSF was to develop a program for certifying and accrediting major applications and general support systems, such as the local area network (LAN) and the data center. To do this, his team looked to government guidelines. NSF consulted Special Publication 800-37 of the National Institute for Standards and Technology (NIST), Guide for the Security Certification and Accreditation of Federal Information Systems, which includes "extensive procedures for doing the certification and accreditation of systems and applications," Strawn says.

There were some side benefits to developing these certification and accreditation processes as well, according to Strawn. "One thing we found ourselves doing is tidying up documentation that should have been there in the first place, and we discovered it wasn't," he recalls.

The third issue that Strawn concentrated on was improving the organization's IT security policy. …
