Federal procurement officials seem upbeat about agencies' security postures

Federal procurement officials seem upbeat about agencies' security postures

Federal contracting officers might be overconfident about their ability to acquire and implement secure hardware and software, one IT vendor at the GSA Expo in San Diego says.

A survey by Xerox Corp. of more than 250 federal contracting officers and managers attending the General Services Administration's annual trade show and conference showed that nearly two-thirds have internal security certification standards in place, and 91 percent are confident that vendor offerings can provide adequate security.

'I was a little surprised that respondents generally believe they have their acts together on security,' said Marlon Miller, digital systems marketing manager for Xerox's public sector sales.

'At a high level, they are beginning to put the mechanics of the programs in place,' Miller said, but he sees a disconnect between what IT officials think is good security and what is implemented by contracting officials. 'I don't think the procurement people are giving [IT security] its due.'

He also believes that confidence in off-the-shelf products and services is misplaced. He said verification of vendor claims through a program such as the National Information Assurance Partnership is essential.

'The typical buyer does not have the skill sets to determine if what the vendor is telling you is accurate,' he said. 'Without some independent evaluation like NIAP or some in-agency information assurance support, you don't know how good the security profile of that hardware or software really is.'

Miller said that Xerox got into the security business several years ago when stand-alone copiers morphed into multifunctional digital networked devices.

'When you put one of these on your network, you introduce a lot of additional security concerns,' he said. 'We are working hard to lock down the box tight.'

The survey also found that information sharing, seen as an increasingly vital element in national security, might be getting more difficult under the weight of IT security. About 48 percent of respondents said that heightened security controls, such as the Federal Information Security Management Act, have prohibited the easy exchange of information across their agencies.

Part of this could be caused by the lack of security in the File Transport Protocol, Miller said.

'FTP used to be a really easy way to do file sharing,' he said. But 'a lot of agencies have virtually shut down FTP across their networks. It's not particularly secure, and opening up that protocol on a server means you make that server easier to attack.'

Adequate IT funding was cited by 30 percent of respondents as the most pressing problem across government, while 26 percent said the outsourcing of federal jobs was their major concern. Other responses were fairly evenly divided among concerns over identity theft, adapting to electronic government and information security.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.