Egts wrote in a FedScoop article published Tuesday that one of the approaches agencies can do is collaborating with vendors to determine whether an operating system or software offers the security capabilities that they need.
“Many of these vendors offer free workshops and individual and group skills assessments,“ he noted.
“These are designed to help you familiarize yourself with their solutions and provide a baseline evaluation so you can understand where to focus your training,“ he added.
Egts called on agencies to tap outside resources and communities to identify hidden features of applications and operating systems and facilitate the decision-making process.
Some of the resources that agencies can use include the Gov-sec forum; SCAP Security Guide; and the National Institute of Standards and Technology's National Checklist Program Repository.