February 22, 2000
MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES
FROM: John Podesta, Chief of Staff
SUBJECT: Security of Federal Information Systems
In light of recent events regarding the security of government web sites, I want to remind you that each agency is required to maintain adequate security of all information systems -- especially those that are publicly accessible. The importance of this cannot be overstated.
The Chief Information Officers Council, the National Institute of Standards and Technology (NIST) and the General Services Administration (GSA) are working together to assist you in improving computer security and critical infrastructure protection. They are developing performance measures to assess computer security programs, compiling sample policies and best practices to share across government, and developing ways to facilitate the timely installation of security patches for known vulnerabilities.
Technical and operational security guidance is available to protect your web sites and computer systems. Please ensure that your staff is following the guidance from NIST and GSA's Federal Computer Incident Response Capability which may be found on their respective websites -- http://csrc.nist.rip and http://www.fedcirc.gov.
All agency security practices should be consistent with NIST/GSA guidance and with the security policies issued by the Office of Management and Budget. In addition, the security practices for your national security systems should comport with applicable guidance for those systems. Thank you.