VARs Needed For Security Enhancement, Government Survey Finds

VARs able to help the federal government improve software quality, comply with Federal Information Security Management Act (FISMA) requirements and implement wireless security controls are in high demand, according to a survey of chief information security officers (CISOs) at civilian and defense agencies.

Ashburn, Va.-based Intelligent Decisions interviewed 29 of the government's top security professionals about current and future priorities in their given federal agencies. Twenty-three percent ranked software quality assurance as the top concern requiring assistance from the private sector, 15 percent noted the need for a real-time FISMA compliance tool, and 14 percent cited guaranteed protection for managed security services. Furthermore, network security, disaster recovery,and authentication ranked as the three most important products and services by 28 percent, 16 percent, and 15 percent of respondents, accordingly. Among the trends expected to gain momentum include the increased use of wireless networks and mobile devices, single sign-on/multifactor authentication, and convergence of database and network security.

"There are a couple of reasons for the increase in concern for software quality assurance," says Roy Stephan, director of cybersecurity at Intelligent Decisions. "First, intelligent viruses that attack vulnerabilities relating from poor software development; and second, the increased use and adherence to the Common Criteria [security] certification from NIAP."

Despite recommendations from the National Institute of Standards and Technology (NIST), most agencies have implemented only two of the four wireless security controls, according the survey.

id
unit-1659132512259
type
Sponsored post

"The majority of agencies have implemented the first control [configuration required for the deployment of wireless security tools] and one other, but less than half of the CISOs have implemented all four controls as recommended by NIST," Stephan says.

The other requirements include monitoring programs to ensure policy compliance, wireless security policy training for employees and contractors, and comprehensive policies in the implementation and use of wireless networks.

"There is plenty of documentation on the widespread use of wireless throughout the government, and this lack of control is a serious issue for information assurance," Stephan says.