Archive for category Regulations & Guidance
"Fed Page" at WashingtonPost.com
Posted by Shahid N. Shah in Regulations & Guidance on November 7th, 2008
The Washington Post just launched The Fed Page, a new sub-site that uses charts, figures, online tools, blogs, and interactive features to examine the inner workings of the federal government. If you’re a federal architect, especially an EA, you’ll need to keep track of what changes the new Obama Administration will bring forth so it’s important to keep an eye on sites like this to know how the business of government might be conducted in the future.
Are your RFPs "green"?
Posted by Shahid N. Shah in Methodologies & Frameworks, Regulations & Guidance on September 23rd, 2008
Reducing energy consumption for IT (”greening”) is a major cost containment issue — something we’ll need to do in the times of budget cuts that are probably on the way. One key to achieving “green” in IT is the green request for proposal (RFP). The government should be driving energy efficiency in desktop and data center environments and use the RFP process to gain energy efficiency as part of their green IT goals. OMB hasn’t really mandated any “green IT goals” yet but I think they’re coming, especially if there’s a Democrat administration on the way (but even if it’s McCain).
Using RFPs is valuable for IT and it signals which areas the government might intend to push its vendors in the future. Commercial and Federal buyers should seek progressive energy efficiencies and cleaner manufacturing processes by pushing green across suppliers.
OMB Mandates Secure DNS by end of ‘09
Posted by Shahid N. Shah in Regulations & Guidance on August 28th, 2008
Karen Evans sent out the new OMB Memo 08-23 which requires secure DNS. Agencies need to submit a plan by September 5th for how they can plan the switchover by the end of 2009. Here are some snippets of what OMB is mandating (comes from the memo):
The Federal Government will deploy DNSSEC to the top level .gov domain by January 2009. The top level .gov domain includes the registrar, registry, and DNS server operations. This policy requires that the top level .gov domain will be DNSSEC signed and processes to enable secure delegated sub-domains will be developed. Signing the top level .gov domain is a critical procedure necessary for broad deployment of DNSSEC, increases the utility of DNSSEC, and simplifies lower level deployment by agencies.
Your agency must now develop a plan of action and milestones for the deployment of DNSSEC to all applicable information systems. Appropriate DNSSEC capabilities must
be deployed and operational by December 2009. The plan should follow recommendations in NIST Special Publication 800-81 “Secure Domain Name System (DNS) Deployment Guide,” and address the particular requirements described in NIST Special Publication 800-53r1 “Recommended Security Controls for Federal Information Systems.”
I do applaud the new requirement but it seems like having less than 15 months to make all this happen seems a little aggressive; I hope we all can pull it off. By pushing secure DNS at the government side the rest of the commercial sector might follow suit soon, too.
-
-
You are currently browsing the archives for the Regulations & Guidance category.
Who's Blogging Here
The founder of this blog is Shahid N. Shah, CEO of Netspective. Please help continue our conversations by commenting on any posts. If you'd like join and start blogging, just create an account and begin sharing your thoughts immediately.
Recent Comments