RFI for cybersecurity LOB hits the wires
- By Jason Miller
- Apr 07, 2005
The Office of Management and Budget and the Homeland Security Department this week kicked into high gear the cybersecurity Line of Business effort by releasing to industry a request for information.
details the three major areas the task force, which met for the first time March 23, wants to standardize and share across government. Industry has until May 5 to submit answers to a series of questions on information systems security management, including ways to improve current processes and controls, promote seamless information sharing, and achieve savings by eliminating duplicative investments in hardware, software and shared services, according to the RFI.
"The objective is to identify opportunities and solutions to strengthen the ability of all agencies to conduct training, specialized training and knowledge sharing; threat awareness and incident response capability; program management, security lifecycle; selection evaluation and implementation of security products and defend against threats, correct vulnerabilities, manage resulting risks and reduce cost," the RFI said.
OMB and DHS will hold an industry day April 18 in Washington.
After receiving responses, OMB and DHS will develop a set of common systems and operations that will be integrated with the Federal Enterprise Architecture. The task force will submit final recommendations to OMB by Sept. 1, in time for the fiscal 2007 budget submission.
"We view industry as our partner, and we want them to talk about best practices, but we also need them to talk about worst practices," said Tim Young, OMB's associate administrator for e-government and IT, at the FOSE 2005 trade show in Washington. "It takes courage for industry to come in and talk about their failures. In many instances, industry already consolidated their back-office operations, and we want to know how it worked, both good and bad."
In the request for information, OMB and DHS are asking for suggestions on:
- Program management
- Security considerations in the information systems lifecycle
- Situational awareness and incident response capability
- Training and knowledge sharing
- Selection, evaluation and implementation of security hardware, software and services.
"This is a bold initiative to try to operationalize cross-agency collaboration." said Robert Dix, former staff director of the House Government Reform Subcommittee on Technology and current vice president of government affairs and corporate development for Citadel Security Software Inc. of Dallas, today at FOSE. It includes "the tools to make IT more secure."