GAO documents state of IT security tech

A General Accounting Office study of commercially available IT security products considers 18 types of tools.

Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, requested the study for hearings on agency compliance with the Federal Information Security Management Act.

FISMA requires agencies to report annually on progress in implementing IT security programs. Progress to date has been disappointing, Putnam said.

GAO's study (accessible text file) does not mention specific products but evaluates the strengths and weaknesses of 18 technologies in five categories:

For access control:
  • Firewalls

  • Content management

  • Biometrics

  • Smart tokens

  • User rights and privileges.


For system integrity:
  • Antivirus software

  • Integrity checkers.


For cryptography:
  • Digital signatures and certificates

  • Virtual private networks.


For auditing and monitoring:
  • Intrusion detection systems

  • Intrusion prevention systems

  • Security event correlation tools

  • Computer forensics tools.


For configuration management and assurance:
  • Policy enforcement applications

  • Network management

  • Continuity-of-operations tools

  • Scanners

  • Patch management.


The technical discussion 'is intended to assist agencies in identifying and selecting cybersecurity technologies,' the report said. The factors to consider in effectively implementing security tools include:

  • Use in a layered, defense-in-depth strategy

  • Characteristics of an agency's IT infrastructure

  • Independent assessment of products

  • Staff training in secure implementation and use of products

  • Secure configuration.


To read the full report, 'Information Security: Technologies to Secure Federal Systems,' enter GAO-04-467 at www.gao.gov.

    About the Author

    William Jackson is a Maryland-based freelance writer.
