DOJ cybersecurity effort aims for Center of Excellence status

The Justice Department will attempt to become a Center of Excellence for the Cybersecurity Line of Business initiative, a senior agency official said.Dennis Heretick, DOJ’s chief information security officer and director of the agency’s IT security staff, said yesterday at a workshop in Washington that the department will submit a business case to the Office of Management and Budget outlining how its Cyber Security Risk and Assessment and Management program could become a standard for federal agencies.Justice launched CSAM to document measures the agency takes to maintain the security of its IT systems, Heretick said, and he described it as similar to a Defense Department initiative. Heretick said Justice implemented “best practices” from the Transportation, State and Homeland Security departments, as well as the intelligence community.Heretick, speaking at an Information Security Report Card Symposium sponsored by the CIO Council, said the CSAM program also relied heavily on Justice’s Certification and Accreditation client and TrustedAgent, a data-management program developed by Trusted Integration Inc. of Alexandria, Va., that streamlines and standardizes Federal Information Security Management Act information. “These tools provide online procedures, templates and subject-matter expert help instructions that allow us to emphasize implementing security versus spending on documenting security plans,” Heretick said.The Cybersecurity Line of Business initiative is an effort by OMB to get a clear understanding of how much money federal agencies are spending on IT security. DOJ is one of a handful of agencies seeking to become a Center of Excellence; the other agencies were unknown at press time.