DHS' Coose Likes What He Sees at NASA

The Homeland Security official responsible for driving new White House requirements for continuous monitoring of networks across government endorsed NASA's bold move (http://www.nextgov.com/nextgov/ng_20100519_6677.php?oref=topstory) to ditch the existing policy of certifying network systems as compliant with an unpopular security law.

"It's the right step to reallocate resources," said Matt Coose, director of federal network security at DHS, who was charged with enabling federal agencies to undertake the continuous monitoring that defines new Federal Information Security Management Act requirements. Those resources can then be used to deploy tools like those in place at the State Department, whose widely lauded risk-scoring program scans every computer and server connected to the department's network at least once every 36 hours to identify security vulnerabilities and twice a month to check software configurations. The program assigns points on a scale of zero to 10, with 10 denoting systems that have the riskiest security threats.

"Other agencies should follow their lead and many are," Coose said. For those at a loss for how to start, DHS will release in the next couple of weeks a new version of metrics to help guide agencies in deploying automated tools for monitoring their own networks.

"Part of my job is to not only measure [agency progress], but publish reference architectures and potential solutions that support these requirements so folks don't have to start from scratch," Coose said.
