RFI aims at security info sharing

Data Analysis Capability RFI

The Federal Computer Incident Response Center today released a call for industry participation in an effort to develop common standards for exchanging security incident information.

The request for information (RFI) stresses that compliance with such standards likely will become a requirement to qualify for future federal security purchases.

For some time, FedCIRC has been working with the CERT Coordination Center (CERT/CC) on the Data Analysis Capability (DAC), a solution that will allow FedCIRC to analyze and correlate incident information across government. The idea is that as more agencies share information, the better the overall management of security incidents will be.

Several agencies have helped test the DAC and work through policy issues surrounding data sharing among agencies, but technologically, agencies face difficulty in combining information from proprietary commercial security systems.

The request for information asks industry to work with the CERT/CC and the Internet Engineering Task Force on the two standards under development: The Intrusion Detection Message Exchange Format and the Incident Object Description and Exchange Format. These standards are independent of the DAC but are the most relevant to the government's needs.

Industry involvement in the standards will become even more important down the line. "We expect that compliance with the DAC architecture is likely to become a requirement for future acquisition of security-related products by federal civilian agencies," the RFI states.

As more and more agencies purchase commercial intrusion detection and management systems, such a requirement could have big implications in the security market, the RFI points out.

A second pilot test of the DAC is planned for spring 2003, and FedCIRC is encouraging vendors that can make their solutions DAC-compliant by that time to participate.

Responses to the RFI are due via e-mail to FedCIRC by Feb. 28 at dac-rfi@fedcirc.gov.