Watchfire to release FISMA compliance product
By Grant Gross, IDG News Service, 03/17/2006
Watchfire, a vendor of online risk management software, will on Monday release a product designed to help government Web sites
comply with a broad range of security, privacy and other federal regulations.
The eGov Compliance module of Watchfire's WebXM compliance auditing tool targets requirements in the Federal Information Security
Management Act (FISMA), passed by Congress in 2002, as well as other Web mandates from the White House Office of Management
and Budget (OMB).
Unlike some other FISMA compliance products, the Watchfire tool focuses on Web site standards, as opposed to other parts of
government agencies' IT assets, said David Grant, senior director of product development for Watchfire. "A Web site is more
and more part of your critical IT infrastructure," Grant said. "It's a growing piece of FISMA."
Watchfire's announcement comes after the House of Representatives Government Reform Committee released its annual grades for
cybersecurity and FISMA compliance at 24 large federal agencies. Eight agencies, including the departments of Defense, State
and Homeland Security, received failing F grades, and another five agencies received grades between D+ and D-. Seven agencies,
including the Department of Labor and the Social Security Administration, received grades of A- or better.
While Web site security isn't the only IT area measured by FISMA, it can be a problem for many agencies, Grant said.
A Watchfire survey of the 20 largest U.S. government agencies this quarter found that 11% of agency Web sites contained third-party
cookies, 32% of sites contained first-party cookies with no user privacy preferences enabled, and 11% of sites used third-party
images containing cookies that track user activity, Watchfire said. In addition to those FISMA violations, Watchfire found
violations of other OMB rules, including broken links at 19% of the government Web sites, missing search engine metadata at
80% of the sites, and slower-than-acceptable page loading times at 81% of the sites.
WebXM, using a Web-based reporting tool, is designed to automate the auditing and analysis of FISMA security and privacy rules,
as well as OMB requirements for Web site quality and accessibility, Watchfire said. The tool also has an automated inventory
function to help agencies comply with FISMA rules on completing IT inventories. The new eGov Compliance module also automates
the analysis and reporting of OMB guidelines and best practices as defined by the U.S. Interagency Committee for Government
Information (ICGI), said Watchfire, a 10-year-old company based in Waltham, Mass.
The dynamic nature of Web sites can make compliance challenging, Grant said. "They're changing all the time," he added. "They're
very hard to lock down."
Watchfire's eGov Compliance module ships with compliance reports focusing on nine categories of best practices defined by
the ICGI Web Content Managers Working Group. They can be customized to an agency's individual needs in areas such as managing
content, search functionality, and site improvements, Watchfire said.
The IDG News Service is a Network World affiliate.