The plan encompasses the following initiatives:
• Security Incident Response & Coordination: Funds will be used to significantly expand the capabilities of the recently established HHS Computer Security Incident Response Center (CSIRC), which is co-located with the CDC Security Operations Center in Atlanta. The CSIRC will expand to support 24x7 operations that will coordinate all Department and OPDIV actions to monitor, detect, react, and mitigate (or prevent) attacks against HHS and OPDIV systems. This will include the centralized reporting of security incidents to the U.S. Computer Emergency Response Team (CERT), which is operated by DHS. Nominal start-up activities were initiated for the CSIRC in September 2008, and included funding for one government FTE at the CDC in Atlanta, Georgia to manage the HHS CSIRC.
• OPDIV Security Engineering and Technical Staff Support: One of the highest priority requirements identified by each of the OPDIVs was the need for additional security technical staffing support. Funds will help alleviate the current security workload backlog of OPDIV security staffs. The backlog is identified in the remediation work associated with the Federal Information Security Management Act (FISMA) Plans of Action and Milestones (POAMs) that are in place at each of the OPDIVs. HHS has also been challenged to keep up with the weekly assignments and tasks generated by the US Computer Emergency Readiness Team (CERT). OPDIV reviews of security audit logs from firewalls, IDS systems, operating system logs, etc. require improvements. Automated tools can assist, but ultimately security technical staff must make a final determination for each of the alarms generated from system audit log data. The funding will assist each OPDIV in responding in a more timely manner to US CERT tasks, beginning more timely reviews of system audit logs, and reducing the POAM backlog.
• Enterprise-wide Security Situational Awareness: Funds will provide enhanced Department-wide computer systems intrusion detection capabilities, security information event management systems, and network forensics capabilities. This includes capabilities to collect and analyze the large set of security audit log data that is collected by HHS computer systems.
• Endpoint (Desktop Computer) Protection, Internet Content Web Security Filtering, and Data Loss Prevention: Federal government computers are being compromised by malicious software (malware) and other computer viruses and worms that are introduced into government computing environments when users unknowingly visit infected web sites. The malware takes advantage of any weak security controls that may be implemented in government computer systems. Funds will provide all OPDIVs with a number of advanced security tools to strengthen end user computer defense mechanisms against malware attacks, and also prevent sensitive data from being extracted from the Department’s computer systems and databases.
• Enhanced OPDIV Security Architecture, Engineering and Implementation: Utilizing an HHS contract managed by the Department CISO, this initiative develops or updates OPDIV plans for securely architecting our computing environments into secure enclaves. It also provides a number of security solutions specifically for OS and IHS, enhancing the protection of sensitive data, and provides for secure remote access, firewall upgrades, multi-factor authentication, network access control, and enhanced security of the domain name system (DNS).