Expanding Continuous Diagnostic Effort

States, Local Governments Can Tap Into $6 Billion Program


John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.

Known as the Continuous Diagnostic and Mitigation program, the Department of Homeland Security initiative offers agencies at all levels of government the ability to purchase discounted hardware, software and services to assess cybersecurity risks and present those risks in a continuously updated dashboard.

Congress has earmarked up to $6 billion over the next five years for governments at all levels to buy continuous monitoring and mitigation goods and services (see $6 Billion DHS IT Security Plan Advances).

"Word is beginning to move out to a number of states that this contract is available to make purchases of diagnostic tools," Streufert, director of Federal Network Resilience within DHS's National Protection and Programs Directorate, says in the second of a two-part interview with Information Security Media Group.

"Some of the states already have these tools in place and are looking for better prices," Streufert says. "Some of the states are in initial conversations with their senior leadership and their legislature about the importance of protecting taxpayer information."

In the interview, the second in a two-part series, Streufert:

- Reviews the products and services federal agencies and local and state governments can acquire under the program from 17 approved vendors;
- Explains how agencies can judge the success of the initiative; and
- Provides an overview of when various components of the initiative will be offered.

In part 1 of the interview, Streufert discusses the goals of the continuous diagnostic and mitigation programs, delineates the responsibilities of federal agencies in implementing the new program and explains why the federal government refers to continuous monitoring as continuous diagnostics (see Implementing Continuous Monitoring Plan).

Before joining DHS, Streufert served from 2006 to 2012 as the State Department's chief information security officer, where he instituted a program that resulted in an 89 percent reduction in risk in 12 months (see Beyond FISMA: State Dept.'s Next Gen Metric).