CSEAT will review agencies' security for free

CSEAT will review agencies' security for free

By Susan M. Menke

GCN Staff

JULY 30'The National Institute of Standards and Technology has set up a computer security expert assist team, called CSEAT, to improve agencies' infrastructure protection and share best security practices.

'It was kind of a surprise' to get a budget line item for CSEAT, said its director, Kathy Lyons-Burke. 'We didn't expect Congress to give us the money.'

The first review started in June at the Federal Emergency Management Agency. The process takes about three months. 'We don't give a grade, and we don't break in,' Lyons-Burke said. 'We will apply consistent control objectives and criteria' across agencies and eventually draw an overall comparative picture of federal security policy.

NIST's independent reviews will not duplicate the work of existing computer emergency response teams or of the Federal Computer Incident Response Capability, the National Infrastructure Protection Center or the Critical Infrastructure Assurance Office, Lyons-Burke said. CSEAT will come in only at an agency's request or, for high-risk programs, with a push from the Office of Management and Budget.

Each review will produce high-level findings, a 'sanity check' of how well personnel understand policies, and a report with prioritized recommendations, she said. Although there is no cost to the agency except for providing documentation and a contact, NIST requires agency feedback after 30 days and again after 180 days about which recommendations were followed and why.

Agencies can request a security review by sending e-mail to cseat@nist.gov.

inside gcn

  • health data

    Improving the VA patient journey with data transparency

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group