The memo further identifies DHS as the agency responsible for performing regular and proactive scans of public-facing segments of federal civilian agency networks.
The memo directs DHS to scan Internet-accessible addresses and public-facing segments of federal civilian agency systems for vulnerabilities on an ongoing basis, as well as on an urgent basis in response to newly discovered vulnerabilities, including without prior agency authorization on an emergency basis where not prohibited by law.
It also calls on DHS to: maintain a mechanism for reporting website and system vulnerabilities (contractors should report on this as well to the relevant agencies); continue to deploy consolidated intrusion detection and prevention capabilities; develop guidance for reporting cybersecurity incidents to US-CERT; report to OMB on the identification and mitigation of risks and vulnerabilities across agency information systems; provide agencies with the results of scans; and offer additional risk and vulnerability assessment services upon the request of agencies.