SmartBuy Security LOB contract in development

A working group developing the Security Line of Business wants to develop an enterprise software agreement under the SmartBuy program to help agencies implement three capabilities in the areas of situational awareness and incident reporting.

A LOB working group of 35 agencies is developing the common governmentwide technical requirements for baseline configuration testing, vulnerability assessments and network mapping and discovery tools, which eventually will become part of the SmartBuy program, said John DiLuna, a SRA/Touchstone project manager who works for the Security LOB.

In a recent survey by the developers of the LOB, agencies said these three ? along with anti-spy ware and anti-virus ? were the areas they were most interested in and would implement in the next year or so, DiLuna said during a conference on the core desktop standard sponsored by the National Institute of Standards and Technology.

A SmartBuy contract already exists for anti-spy ware and anti-virus with vendors including McAfee and Xacta.

"Within the technical requirements, the working group insisted that vendors make Secure Content Automation Protocol validated products for these functions," DiLuna said. "The LOB will work with NIST to ensure the tools align with their processes."

DiLuna added that he would expect a blanket purchase agreement in place by late summer.

In addition to these areas, DiLuna said the LOB's developers are starting to consider options for how agencies could obtain other situational awareness and incident reporting services, including forensics, penetration testing, security information management and data flow analysis. In the survey,agencies had a less than immediate need for these four functions.

He said going to a shared service center concept is an option for some of these.

"These four are highly specialized or carry a high carrying cost because they are used intermittently," DiLuna said. "They also may not be used or bought by small agencies."

These tools may not be available until fiscal 2009, according to the Security LOB project timeline.

The LOB also kicked off a working group around the Trusted Internet Connections initiative. It will consider how to help agencies meet the June 30 deadline to reduce the number of Internet gateways across government.

Jason Miller writes for Government Computer News and Federal Computer Week, 1105 Government Information Group publications.