White House Specifies Classified Data Assessment Requirements

In response to the WikiLeaks scandal, agencies must report by Jan. 28 how they manage and protect national security information.
Top 10 Government Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Government Stories Of 2010
Federal agencies have until Jan. 28 to assess how they manage classified national security information to comply with a White House order in the wake of the WikiLeaks scandal in November.

On Nov. 28, the Obama administration directed agencies to review safeguarding procedures for federal data that's been categorized as classified. The move came after nearly 2,000 confidential U.S. embassy cables were published on the WikiLeaks website and then online via a host of international news outlets, including the New York Times, the United Kingdom's Guardian, and France's Le Monde.

In an Office of Management and Budget (OMB) memo released Monday, the White House laid out specifically what agencies must do to meet the terms of the order.

The memo also reminds some agencies to provide the White House with information about the security of classified computers networks and systems, a move that is separate from the general assessment all agencies must complete by Jan. 28.

Agencies are required to report to the OMB what they've done or plan to do to address identified vulnerabilities, weaknesses, or gaps in automated systems containing classified information, according to the memo. They also must assess any plans for changes or upgrades to classified networks, systems, applications, databases, Web sites, and online collaboration environments.

The order also demands that agencies assess all security, counterintelligence, and information assurance policy and regulatory documents that are specific to them.

Last year's leak of embassy documents to WikiLeaks -- an international scandal that has been called "Cablegate" -- has renewed the government's interest in locking down federal networks that handle classified information. This activity in turn is providing new opportunities for security firms and solution providers to help agencies in this endeavor.

Fidelis Security Systems, for example, recently won contracts with several agencies to block classified content from the Web from reaching unclassified federal networks.

In an unrelated but similar move, the Air Force is preventing its personnel from accessing the websites of global news agencies that published the WikiLeaks cables.

Editor's note: The article was amended to accurately reflect the number of diplomatic cables that have been published by WikiLeaks.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading