CSEAT will review agencies' security for free

CSEAT will review agencies' security for free

By Susan M. Menke

GCN Staff


JULY 30'The National Institute of Standards and Technology has set up a computer security expert assist team, called CSEAT, to improve agencies' infrastructure protection and share best security practices.

'It was kind of a surprise' to get a budget line item for CSEAT, said its director, Kathy Lyons-Burke. 'We didn't expect Congress to give us the money.'

The first review started in June at the Federal Emergency Management Agency. The process takes about three months. 'We don't give a grade, and we don't break in,' Lyons-Burke said. 'We will apply consistent control objectives and criteria' across agencies and eventually draw an overall comparative picture of federal security policy.

NIST's independent reviews will not duplicate the work of existing computer emergency response teams or of the Federal Computer Incident Response Capability, the National Infrastructure Protection Center or the Critical Infrastructure Assurance Office, Lyons-Burke said. CSEAT will come in only at an agency's request or, for high-risk programs, with a push from the Office of Management and Budget.

Each review will produce high-level findings, a 'sanity check' of how well personnel understand policies, and a report with prioritized recommendations, she said. Although there is no cost to the agency except for providing documentation and a contact, NIST requires agency feedback after 30 days and again after 180 days about which recommendations were followed and why.

Agencies can request a security review by sending e-mail to [email protected]

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected