Wednesday, August 13, 2008

OMB Memo 08-22

It is about FDCC compliance, and it offers no new content for me. I am also a day or two late.

http://www.whitehouse.gov/omb/memoranda/fy2008/m08-22.pdf

The interesting part is on page 4:
Revised Part 39 of the Federal Acquisition Regulation (FAR)
On February 28, 2008, revised Part 39 of the Federal Acquisition Regulation (FAR) was published which reads:
PART 39-ACQUISITION OF INFORMATION TECHNOLOGY
1. The authority citation for 48 CFR part 39 continues to read as follows: Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 U.S.C. 2473(c).
2. Amend section 39.101 by revising paragraph (d) to read as follows:
39.101 Policy.
* * * * *
(d) In acquiring information technology, agencies shall include the appropriate IT security policies and requirements, including use of common security configurations available from the NIST's website at http://checklists.nist.gov. Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated.
I think that this has been implied for quite some time, but this is the first time that I have personally taken notice of it. Take note of the first four words in the paragraph "In acquiring information technology". Not software, not hardware, that's everything. Outsourcers, be prepared!

In other events, the C5 auditing platform by Secure Elements has built in some functionality to be "green", and that isn't President's Management Agenda green - it is TreeHugger green. For which I am happy. Why? I compost, I recycle, I garden organic and I have TerraPass for 25 tons of carbon per year to offset the cars and house. I bought a laptop based on its energy rating, all my lightbulbs are CFLs and I am currently on a quest to reduce my vampire power consumption. So yea!

That's all I have for now.
