Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Federal IT Modernization Report Recommendations

This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

Strengthening federal information technology (IT) has been one of the priorities of the current administration, as outlined in the May 2017 Executive Order 13800. As summarized in our previous blog, the Director of the American Technology Council (ATC) was tasked, among other things, to coordinate the preparation of a report to the president regarding modernization of federal IT infrastructure. The draft report was made available for public comment in August, and finalized in December 2017. The final report’s implementation clock started on January 1, 2018.

Key recommendations of the report

The final report is structured around two major themes: “Network Modernization & Consolidation” and “Shared Services to Enable Future Network Architectures,” followed by a number of appendices detailing aspects relevant for implementation.

For network modernization and consolidation, the report identified several objectives, such as to “reduce the federal attack surface,” improve visibility and resilience against sophisticated attacks, and ensure that new technology can be used without sacrificing reliability or performance. Accordingly, the implementation plan focused on the following three areas, with certain milestones required to be reached within 30-, 60-, 90-, 120-, 150-, 180-, and 365-day periods:

  • Prioritize the modernization of high-risk high-value assets.
  • Modernize the trusted internet connections and national cybersecurity protection system program to enable cloud migration.
  • Consolidate network acquisitions and management.

With regard to shared services that would enable future network architectures, the report’s recommendations are as follows (each with a different milestone timeline):

  • Enable use of commercial cloud.
  • Accelerate adoption of cloud email and collaboration tools.
  • Improve existing and provide additional security shared services.

Enhanced use of commercial cloud is envisioned through:

  • Vendor-owned and operated servers and applications (Software as a Service, SaaS).
  • Vendor-owned and operated servers and government-operated applications with networks that utilize a secure connection (Infrastructure as a Service).
  • Government-owned data center buildings with vendor-owned and operated service.
  • Vendor-owned and operated data centers with servers dedicated for government use.

Appendices provide guidelines for implementation

The report’s appendices provide guidelines for implementation. The following is a brief overview of each of the appendices:

“Appendix A: Data-Level Protections and Modernization of Federal IT” discusses such issues as encryption of data in transit and at rest, multi-factor authentication, the least privilege principle, application whitelisting, mobile device security, and others.

“Appendix B: Principles of Cloud-Oriented Security Protections” describes government-specific security needs, and potential ways to achieve appropriate protection.

“Appendix C: Challenges to Implementing Federal Wide Perimeter-Based Security” focuses on cloud security and situational awareness, encrypted network traffic, overreliance on static signatures, and the use and value of classified indicators.

“Appendix D: Acquisition Pilot: Change the Buying Strategy to Government-As-One-Purchaser” proposes creating “virtual street corners” for vendors of cloud applications and services, to encourage a robust marketplace for the government to reach into.

“Appendix E: Legal Considerations” cites key Acts and statutes supporting the actions recommended by the report, including those related to privacy, homeland security, technology modernization, and fiscal aspects.

“Appendix F: Summary of Recommendations” presents the report’s actionable recommendations in the form of a consolidated table and associated timelines for the specified milestones.

“Appendix G: Summary of Comments Received” concludes the report, summarizing in just over two pages the public input received from over 100 commenters over the three-week period following the issuance of the draft report.

One year later

A year has passed since the issuance of Executive Order 13800, and the half-year mark has just passed for the Federal IT Modernization report’s implementation plan. Changes in IT-related processes and practices are sweeping through the government’s agencies and departments. Their full impact remains to be seen. What is clear, however, is that much work still needs to be done, as documented, for example, in the just-released “Federal Cybersecurity Risk Determination Report and Action Plan.” IT modernization continues to be one of the top priorities on the President’s Management Agenda.

June 28, 2018
Written by: Svetlana Lyapustina
Category: Cybersecurity, Privacy
Tags: cybersecurity, Executive Order 13800, federal information technology, privacy, security
