Pulse


Pulse

By GCN Staff


SANS Institute offers updated security policy templates

Security education provider SANS Institute released 27 updated information security policy templates government agencies can use to ensure their security policies are practical, up-to-date and reflect real-world experience.

The refreshed policy library removes policies that are no longer needed, adds those covering new technologies and new threats and updates policies to reflect changes in practice.

The update was produced by a team of security industry professionals chaired by Michele D. Guel, a senior security architect at Cisco Systems, and a 26-year veteran of the cybersecurity industry.

The templates can be downloaded from the SANS Security Policy Project.

For general policies, titles include Acceptable Use, Acceptable Encryption, Password Construction, Password Protection, Email Use, Disaster Recovery Plans, and Security Response Plans.

In the network security arena, users will find templates for policies on Remote Access, Router and Switch Security, Wireless Communications and Standards, and the Assessment of Potential Acquisitions.

Server security templates include policies covering Database Credentials, Technology Equipment Disposal, Lab Security, and Software Installation. Templates database also includes a Web Application Security Policy template.

The templates are often generalized versions of policies developed for and used by government agencies and corporations.

"The Policy Project site allows organizations to create better policies, faster, by starting from a proven set of templates,” said Alan Paller, director of research at the SANS Institute. “It also helps ensure their own policies have sufficient scope and depth relative to those included in the library.”

Posted on Sep 05, 2014 at 7:59 AM0 comments


AT&T cloud storage offers beefed up security

As agencies increasingly migrate to the cloud in search of security and savings, their potential industry partners are stepping up to supply the increased security features demanded by federal customers.

This week, AT&T announced Synaptic Storage as a Service (STaaS ) for Government, a multi-tenant, community cloud that has the same features as AT&T's commercial cloud storage offering but adds additional security, the company said in its announcement.

Among the security enhancements are:

  • Storage towers that are physically separated from other users' towers in the data center.
  • Separate logical cloud for government data so that government customer data will not co-exist with commercial data.
  • A separate cloud portal partition for government agencies.
  • All government agency customers and their authorized users are assigned RSA hard token for two-factor authentication.

"Federal agencies want the mobility, collaboration, information sharing and efficiency that cloud offers but they can't afford to adopt cloud solutions that sacrifice performance, reliability and above all, security," said Kay Kapoor, president, AT&T Government Solutions.

"Our new STaaS for Government offer delivers the key attributes federal buyers require and allows them to move to the cloud with ease and confidence."

Posted on Sep 03, 2014 at 10:22 AM0 comments


Leidos to produce digital maps for intelligence community

The National Geospatial-Intelligence Agency (NGA) awarded Leidos Inc., a contract potentially worth $20 million to provide digital mapping production services to the national security and geospatial intelligence communities.

Leidos, which describes itself as a national security, health and engineering solutions company, provides production services for imagery, map-based intelligence and geospatial information for national security projects. It also supports the National System for Geospatial Intelligence, the collection of of technology, policies and programs necessary to geospatial intelligence in an integrated environment, the company said.

Under the single-award, indefinite delivery requirements contract, Leidos will work on production flow efficiencies and improved customer services for producing mapping deliverables to the intel community. It will also provide online and on-demand capabilities to the mapping production process, according to the company.

Leidos said its team will produce digital and plate-ready, standard and non-standard NGA geospatial intelligence mapping for navigation planning charts as well as digitized and compressed raster graphics.

“We look forward to providing global products … as well as services designed to further automate and streamline NGA's effort to deliver global products to its customers,” said Leidos Group President Larry Hill.

 

Posted on Aug 29, 2014 at 7:49 AM0 comments


Massachusetts readies IP-based, interoperable 911 system

Massachusetts will soon have a statewide emergency services system that will let first responders communicate in real time using Internet Protocol formats.

The Massachusetts State 911 Department awarded General Dynamics Information Technology a contract to build, install and operate an  IP-based system that will help the commonwealth’s public safety community integrate new technologies, including smart phones, texting, video and web services into its first-response arsenal.

Massachusetts Public Safety Secretary Andrea Cabral said the new system, “will effectively transform our analog based system into an IP- based system, making it compatible with today's changing technology and communication methods."

The deal equips the commonwealth to move to a statewide next-generation 911 system that complies with National Emergency Number Association's i3 architecture standards, which establishes nationwide interoperability for the system and will speed information sharing with first responder teams, officials said.

General Dynamics will replace Massachusetts’s legacy Enhanced 911 (E911) emergency call-handling system with a secure, IP-based NG 911 system. The new protocols clear the way to receive emergency service requests from existing public networks as well as new applications and devices, according to the company. Data from geographical information systems, for example, will be integrated into all emergency service requests to accurately map a caller's location and route calls to public safety answering points.

The company will also train more than 6,000 Massachusetts police, fire and dispatch workers and other emergency service organizations.

"This vitally important system transition enhances the safety of 911 users in the Commonwealth by allowing the public better, easier access to emergency responders," Cabral said.

General Dynamics said it has launched more than 50 E911 systems into service, including the recent transition of the E911 system in Morgan County, Ohio, to a NG911 network.

Posted on Aug 28, 2014 at 9:09 AM0 comments


Maryland moves HR to the cloud

The state of Maryland will replace and consolidate its legacy, on-premise human resources software with a unified system from Workday, a provider of enterprise cloud applications for human resources and finance.

For several decades, Maryland relied on a legacy mainframe with multiple, stand-alone applications for personnel, time tracking and benefits.  But because that system lacked proper data management and reporting capabilities, individual agencies developed and maintained their own reporting tools. Before long, information silos and redundant efforts were common across the state.

As part of its aim to standardize IT in the cloud, Maryland wanted to replace its legacy HR system with a unified, multitenant cloud that would scale and adapt to the state’s long-term needs.

With Workday, 45,000 employees across 54 agencies will be able to easily access and manage their personnel, time tracking and benefits information in the cloud. And state leaders will get better insight into their teams by having  a global view of the workforce and agency management.

With Workday, Maryland expects to:

  • Reduce the cost and burden of maintaining multiple legacy systems by moving to ongoing delivery of features and technical functions in the cloud.
  • Streamline workforce-related business processes within and between state agencies.
  • Deliver an intuitive, self-service experience to employees.
  • Equip state executives and agency management with real-time workforce analytics and reporting.
  • Improve security and risk mitigation with internal controls and audit tools for regulatory compliance.

Posted on Aug 26, 2014 at 12:17 PM0 comments