Federal Systems Level Guidance for Securing Information Systems

A global explosion of Internet connected information systems has taken place over the past several years. With this rapid increase of system deployment the information security community has witnessed a dramatic increase in the number of private, business and government networks being compromised. The threat of information systems succumbing to vulnerabilities is increasing with the number of systems deployed. In recent months The SANS Institute's Internet Storm Center has detected coordinated international and domestic attacks directed specifically at United States information systems. Some international attacks have been quite; some attacks have not (can anyone say 'l1on' and 'Red Worm'?). A Congressional oversight committee has learned that despite strenuous efforts by the U.S. Government more than 155 separate Government computer systems were temporarily taken over by hackers last year. The need for security guidelines and defense-in-depth strategies has never been greater. As a result Federal legislation has been enacted to aid in securing of national information systems: the United States Federal Government has mandated government-wide information technology security reform and accountability. Several governmental agencies have developed system level guidelines for securing system implementation system hardening and system disposal at the end of its life cycle.