The following item was posted by Gautham Nagesh

Because June marks the culmination of several initiatives to standardize information technology practices to improve information security, Karen Evans, administrator of the Office of Electronic Government and Information Technology at the Office of Management and Budget, took a moment on Tuesday to discuss the big picture at a conference sponsored by 1105 Government Information Group in McLean, Va.

Evans said the upcoming deadlines for agencies to comply with several IT initiatives was a deliberate choice, designed to help tie together the separate initiatives into one coherent security strategy across the government. She discussed the Trusted Internet Connection initiative, the shift to the newest Internet protocol called IPv6, the issuance of HSPD-12 credentials and the Federal Desktop Core Configuration, which requires users operating with a Microsoft desktop environment to adopt a standard configuration for the desktop.

Under HSPD-12, agencies are required to issue employees new ID cards by Oct. 27 year. Simultaneously, users will only be able to access networked resources via 50 trusted Internet connections on computers that conform to the core configuration standards and utilize the more secure IPv6. Finally, new data-at-rest encryption requirements aims to ensure that all data, whether during transmission or at rest, will be secure. “We owe it to the taxpayers, because we collect all this information, oftentimes without a choice for them,” Evans said. “Paying taxes for instance. We don’t want the IRS losing that data and then someone’s identity is compromised.”

Evans repeatedly referenced the June 30 deadline for agencies to comply with the TIC initiative, an OMB directive requiring agencies to reduce themselves to 50 trusted internet connections from the more than 4,000 outside connections currently in use. The outside connections include Internet connections as well as direct links to contractors. OMB wants to reduce the total number of pipelines into the federal government’s networks to 50 to make monitoring access and security easier.

“Agencies have to have the capabilities to meet the target date now,” Evans said. She said that her office would work with the most prepared agencies immediately and then address the others afterwards, but that she was committed to meeting the June target. She also emphasized that all of the products and services needed to comply with the directive were available through the Networx contract.

Networx is a huge $68 billion telecom contract, which is replacing the expired FTS2001 contract. While there has been some talk that the transition to Networx has been slower than the General Services Administration would like, Evans was upbeat about the contract’s potential to help agencies comply with her office’s policy directives. “We are hitting the Networx milestones,” Evans said.

She called Networx an opportunity to help agencies build the infrastructure necessary to achieve goals such as trusted internet connections and standardized desktop configurations.

FDCC is expected to increase data security and decrease vulnerability to outside attacks. Evans said there were more than 100 different desktop configurations available depending on the user’s needs, but compliance is critical to improving data security and facilitating the data encryption that will also be standard in the near future.

GSA plans to conduct automated sweeps of agencies’ configurations to check if they are complying with FDCC, IPv6 and the other initiatives. Evans said that taken together, the programs complement each other in a manner that helps dramatically increase the government’s information security.