SEC hires SRA for info assurance

SRA International has won a task order to provide information assurance service to the Securities and Exchange Commission's information technology security program.

The task order was awarded under the Chief Information Officer Solutions and Partners 2 Innovations program. The order has an estimated value of $12.7 million. The contracting authority making the award was the General Services Administration's Federal Technology Service Center for Information Security Services.

SRA will work with the SEC's Office of Information Technology to develop a cost-effective IT security program, according to company officials. Under the task order, SRA will develop an IT security architecture, provide a training and awareness program to promote compliance with that architecture, and develop a compliance monitoring and enforcement program.

Services covered under the contract include security architecture, audit, technical consulting, security policy review, compliance and oversight, awareness and training, and systems security and risk assessment. The SRA contract team includes System 1.

The task order follows a March report from the Government Accountability Office that found fault with the SEC's security regimen. "SEC has not effectively implemented information systems controls to protect the integrity, confidentiality and availability of its financial and sensitive data," the report states. The commission "has not fully developed and implemented a comprehensive agency information security program," according to the report.

In addition, GAO found that SEC established information security awareness programs for employees and contractors, but did not ensure that all personnel assigned to specialized IT positions completed security awareness training.

Moore is a freelance writer based in Syracuse, N.Y.