What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

SPECIAL REPORT: Security Directives and Compliance

*Following The Directives
*One Government, One Set Of Standards
*Ten Ways To Make Compliance Easier
*Delivering Knowledge
*Security Directives and Compliance.pdf [PDF]

You have read the directives. You have a good idea of what you have to do. Now you have to find the product and service solutions that secure your unique environment.


You might ask yourself: Do I need unique security solutions not found in commercial off-the-shelf (COTS) technologies? Or, how am I going to find a trustworthy supplier of high-grade, government certified encryption products to protect my sensitive and/or classified data?



No one said all of this is easy, but here are 10 things you can do to ease your compliance efforts.


1. Secure Your Digital Communications

Protect mission-critical data sent over high-speed WANs as well as remote access VPNs. Look for a SSL VPN solution that provides a complete range of remote access appliances and a comprehensive lineup of benefits such as a single platform for employee and partner remote access; and clientless access to enterprise applications and resources. Seek scalable appliances that meet the remote and extranet access requirements of your organization.


2. Protect Your Endpoints

Protect sensitive data on portable devices against loss, theft and unauthorized use. Look for products that prevent malware execution originating at an endpoint; protect against network security breaches where agency data could be exposed to fraud; and enable the transmission, integrity, confidentiality and retention of sensitive data without disruption, corruption or loss.


Do that and you will reduce endpoint security TCO, minimize security or compliance crisis response and remediate vulnerabilities more quickly and with fewer required resources.


3. Secure Login & Authentication

Provide authorized users with secure access to sensitive information, applications and facilities while keeping the bad guys out.


4. Secure Your Applications

Provide the security for mission-critical applications. This becomes even more critical when securing mobile users.


5. Seek Security Management Solutions That Explicitly Support Directives

Look for products that help you effectively deal with security challenges; specifically ones that support compliance with directives.


Seek products that explicitly support directives such as FISMA, HSPD-20, FDCC, HSPD-12 or Common Criteria EAL2. Or look for National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) certified and approved security management software.


6. Keep Your Network Agile, While Secure

Look for specialists who can keep your network agile while secure, all while fulfilling the necessary reporting deadline and compliance issues.


7. Safeguard the Confidentiality, Integrity and Availability of Sensitive Data and Ensure Secure Configurations.

Seek solutions that identify non-compliant security configurations through comprehensive network and agent-based scanning capabilities; remove the risk of classified data from being improperly disclosed; minimize the vulnerability window of exposure through the rapid remediation of vulnerabilities; control and monitor the flow of inbound and outbound data with removable media and devices; and identify organizational security holes in the protection of information through comprehensive auditing capabilities of user behavior and of endpoint configurations.


8. Seek Solutions That Improve IT System Performance

Explore products that prevent unwanted applications and devices from burdening network bandwidth; enable faster computing resources on network, laptops and PCs; and maintain PCs’ performance as new with configurations remaining stable.


Find security management software that enables you to reduce the risk of network instability and protect the confidentiality and integrity of sensitive data.


9. Improve End User Productivity

Ask about solutions that block unwanted, non-business desktop applications and enforce software license compliance within the government.


Solutions should comply with security configuration requirements as outlined by the FDCC and mandated by OMB M07-11. Products should also help map technical controls to policies through the import of SCAP documents; identify non-compliant security configurations through comprehensive network and agent-based scanning capabilities; enforce and maintain required security configurations through rapid remediation of non-compliant machines; and prove compliance with OMB M07-11 by providing high level and detailed reports of enterprise endpoint configurations.


10. Invest in training for you and your staff

If your staff isn’t trained to comply; how can they? If you are not sure what education or certifications your security professionals have, then invest in the education necessary.

Sources: Lumension, SafeNet, Juniper Networks