Watchfire Corp., a vendor of online risk management software, will
on Monday release a new product designed to help U.S. government
Web sites comply with a broad range of security, privacy and other
federal regulations.

The eGov Compliance module of Watchfire's WebXM compliance auditing
tool targets requirements in the Federal Information Security
Management Act (FISMA), passed by the U.S. Congress in 2002, as
well as other Web mandates from the White House Office of
Management and Budget (OMB).

Unlike some other FISMA compliance products, the Watchfire tool
focuses on Web site standards, as opposed to other parts of
government agencies' IT assets, said David Grant, senior director
of product development for Watchfire. "A Web site is more and more
part of your critical IT infrastructure," Grant said. "It's a
growing piece of FISMA."

Watchfire's announcement comes after the U.S. House of
Representatives Government Reform Committee released its annual
grades for cybersecurity and FISMA compliance at 24 large federal
agencies. Eight agencies, including the departments of Defense,
State and Homeland Security, received failing F grades, and another
five agencies received grades between D+ and D-. Seven agencies,
including the Department of Labor and the Social Security
Administration, received grades of A- or better.

While Web site security isn't the only IT area measured by FISMA,
it can be a problem for many agencies, Grant said.

A Watchfire survey of the 20 largest U.S. government agencies this
quarter found that 11 percent of agency Web sites contained
third-party cookies, 32 percent of sites contained first-party
cookies with no user privacy preferences enabled, and 11 percent of
sites used third-party images containing cookies that track user
activity, Watchfire said. In addition to those FISMA violations,
Watchfire found violations of other OMB rules, including broken
links at 19 percent of the government Web sites, missing search
engine metadata at 80 percent of the sites, and
slower-than-acceptable page loading times at 81 percent of the
sites.

WebXM, using a Web-based reporting tool, is designed to automate
the auditing and analysis of FISMA security and privacy rules, as
well as OMB requirements for Web site quality and accessibility,
Watchfire said. The tool also has an automated inventory function
to help agencies to comply with FISMA rules on completing IT
inventories. The new eGov Compliance module also automates the analysis
and reporting of OMB guidelines and best practices as defined by
the U.S. Interagency Committee for Government Information (ICGI),
said Watchfire, a 10-year-old company based in Waltham,
Massachusetts.

The dynamic nature of Web sites can make compliance challenging,
Grant said. "They're changing all the time," he added. "They're
very hard to lock down."

Watchfire's eGov Compliance module ships with compliance reports
focusing on nine categories of best practices defined by the ICGI
Web Content Managers Working Group. They can be customized to an
agency's individual needs in areas such as managing content, search
functionality, and site improvements, Watchfire said.

The eGov Compliance module for WebXM will be available Monday.
Pricing starts at US $75,000 for software housed on a customer's
computers, and $5,000 a month for a service hosted by Watchfire.