“This is a huge step for us and an end of a long journey and the beginning of another one,” says Jeff Mohan, AT&T’s executive director of the Networx program office. “We’ve got orders from six agency customers and we are in the various stages of implementation.”
Mohan adds that AT&T already has some federal customers using its cybersecurity services, but the company couldn’t call it MTIPS until DHS and GSA approved its certification and accreditation documents.
The Office of Management and Budget is requiring every agency to implement a standard set of cybersecurity services under the Trusted Internet Connections initiative. Agencies can either buy these services from one of the four Networx carriers, or implement the software themselves. The Government Accountability Office reported in April that 16 agencies will implement TIC services on their own, leaving more than 90 to receive services from the carriers or other agency providers.
Qwest, Sprint and Verizon also received awards to be MTIPS providers, but haven’t received the authority to operate on a governmentwide basis yet.
“Sprint is anxiously awaiting its authority to operate from the GSA chief information officer’s office,” says Bill White, vice president of federal sales at Sprint, in an e-mail. “In parallel we have been successful in winning new MTIPS business. Those new customers will be turned up as soon as we receive the ATO green light.”
Qwest spokesman Tom McMahon says its MTIPS program has received the authority to operate from the Treasury Tax and Trade Bureau, but not from GSA for governmentwide use.
“The MTIPS solution will be installed at that agency by the end of the year to meet the deadline for OMB’s mandate,” he says. “Other agencies also have contacted us about MTIPS, so look for more news about the deployment of this security solution for federal agencies in the near future.”
A request for comment from Verizon was not returned.
“We now can turn on some features they were not getting service from, like the connection to U.S. CERT, specific alarms and surveillance on their Internet port,” Mohan says.
“Probably the biggest benefit is the consistency agencies will have now. Before the TIC memo came out, some agencies did extensive cyber measures and some less extensive. TIC calls for a governmentwide and industrywide standard and this drives a lot of consistency into the process, including how agencies will see potential attacks, how these attacks are reported to the government and other things.”
It took AT&T nearly two years to receive approval to operate from the time GSA issued the request for quote for MTIPS services.
Mohan says it took almost a year for AT&T’s services to be certified and accredited. Overall, the entire process, which includes building six facilities, cost many millions of dollars and required thousands of documents.
“The most challenging part of this was the sheer amount of documents and process review required for the high level certification,” he says. “GSA and DHS took a more rigorous and deep look into our processes, including things as simple as how we manage passwords or how we secure our printers, or how you badge people who are allowed access to our facility and how you secure that list.”