Despite the increased attention focused on the rollout of the federal government's Trusted Internet Connections (TIC) initiative since a March 2010 GAO report highlighted the slower-than-expected progress most agencies have made in consolidating their Internet connections as required under TIC, it seems that few agencies are well positioned to make a January 31, 2011 deadline by which they are supposed to have all of their external Internet connections behind an access point provided by a certified Managed Trusted Internet Protocol Services (MTIPS) vendor. Among the factors currently influencing agencies' movement on this issue is the limited number of certified MTIPS providers under the Networx contract that agencies are obligated to use for procuring external Internet connectivity in compliance with TIC.
Not all agencies are dependent on third-party vendors to establish trusted Internet points of presence, and many of the largest agencies have sufficient infrastructure and capabilities to handled MTIPS by themselves. Smaller agencies are, generally speaking, more likely to need to look to Networx vendors to satisfy this requirement, and it appears that some are holding off procurement actions until currently certified MTIPS vendor AT&T gets some company. Federal agency procurements of contracted services such as Internet connectivity are ordinarily (under Chapter 6 of the Federal Acquisition Regulations) required to use competitive bidding and proposal processes, further constraining the ability to act of agencies who would prefer not to make sole-source procurements, even with proper justification. In the current situation, OMB continues to urge agencies to move forward, apparently without taking into consideration the dependency represented by the General Services Administration's approval of additional Networx vendors.
Krebs, KrebsOnSecurity, As Malware Memes
8 hours ago