[ISN] FAA wants help becoming cybersecurity shared-services provider

From: InfoSec News (alerts@private)
Date: Tue Feb 12 2008 - 23:16:35 PST


http://www.fcw.com/online/news/151613-1.html

By Jason Miller
FCW.com
February 12, 2008

The Federal Aviation Administration wants to become a shared-services 
provider under the Security Line of Business initiative.

In a market survey released on FedBizOpps.gov last week, FAA asked for 
support services for a leading edge cybersecurity management center.

FAA wants vendors to provide comments through the market survey on its 
draft statement of work.

Officials leading the Security LOB recently said a shared-services 
concept for incident response reporting is one approach to ensuring 
agencies have these functions and they are standard across the 
government.


FAA is asking for comments on 11 functional areas including:

    * A ramp-up in staffing to establish a duty officer presence beyond 
      the current watch officer presence and increasing duty analyst 
      support.

    * A focused effort in integrating somewhat disparate hardware 
      platforms and applications.

    * Data and technology integration toward the creation of the 
      Transportation Departments Center of Excellence.

    * Developing the capability to perform event correlation, data 
      reduction and anomalous event detection.

    * Providing guidance for and understanding of the 
      cybersecurity-related activities.

    * Providing a situational awareness and an up-to-date snapshot of 
      cyber events that are ongoing within the world of cybersecurity.

    * Providing an understanding of the alerts issued by the commercial 
      vendor arena.


FAA will hold a vendor day Feb. 22 in Leesburg, Va., and comments on the 
draft statement of work are due by Feb. 21.

The Computer Security Management Centers goal of achieving information 
assurance is accomplished by implementing layered defense methodologies 
by performing vulnerability assessment, compliance verification, 
security patch and virus notification, intrusion detection, incident 
handling and assistance with cyber disaster recovery, agencywide, the 
draft statement of work states. The CSMC is expanding and continuously 
maturing. Toward that end, this statement of work covers not only the 
goals and objectives [of the program], but describes the support effort 
necessary to move CSMC to the next level in becoming a world-class 
cybersecurity organization.

Copyright 1996-2008 1105 Media, Inc. All Rights Reserved.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Feb 12 2008 - 23:32:02 PST