State needs help to certify its contractor IT systems
- By Rob Thormeyer
- Jan 27, 2006
The State Department is looking for help from another agency as it improves the security of its contractor computer systems.
At the same time, the agency also is likely to offer its services for agencies with overseas offices as they face upcoming Homeland Security Presidential Directive 12
In a wide-ranging speech yesterday at an event sponsored by the market research firm Input Inc. of McLean, Va., David Ames, State's deputy CIO and chief technology officer, said the department is 'definitely thinking about' providing common infrastructure at overseas locations that can read new Personal Identification Verification cards that all agencies must start issuing later this year to their employees.
'We thought [that] with all the foreign affairs agencies we have in our posts, it would be very beneficial if there would be a common badging system,' he said. 'Yes, we are definitely thinking about' doing that.
But perhaps more pressing, Ames'who is retiring this summer'said State is looking to bend the ear of any agency who has excelled in certifying and accrediting their IT systems.
Although State has improved security for its high-risk systems, Ames said the agency needs help in order to meet changing Office of Management and Budget requirements'especially for those systems operated by outside contractors.
'We have been dinged by OMB and the [inspector general] because we haven't kept good track of our contractors,' he said. 'One of the things we're certainly interested in is, if other federal agencies have already certified your programs at your sites, we should be able to take a lot of that information and simply use it instead of reinventing the wheel,' Ames said. 'I know that's one of the things we're very, very interested in. That's going to be a huge, huge push for us in the near future.'
Ames said State has spent more than $30 million over the past 18 months to certify each of its highest-risk programs so it could meet standards outlined in the E-government portion of the quarterly Presidential Management Agenda scorecard. Before that, 'State has zero programs and inventories accredited,' Ames said. 'Zero.'
Although it is now out of the red status, staying in compliance is 'very difficult because now [OMB] keeps moving the bar,' he said. 'So now we have to do all the programs' at the department.
Meanwhile, Ames said State is making considerable headway in its efforts to deploy thin clients to its workers as part of its Global IT Modernization program.
Thin clients are workstations consisting of monitors and keyboards that connect workers to a central server instead of an individual hard drive. Users access the thin-client networks via multiple passwords, and State's technologists are looking to add biometric and smart-card access controls to the systems.
In late 2004, State had installed
thin clients in Vienna, Austria, and Moscow.
Ames said that in fiscal 2007, State will install 'nothing but thin clients' at its Washington headquarters for classified systems.
Using thin clients 'is a huge boon,' Ames said. 'It's a huge boon from a security standpoint; it's a huge boon from a financial management perspective; and it's a huge boon for the support services. It's really a big, big plus and we're going to be doing it in a big way.'