"Each initial assessment should be completed by January 28, 2011, and should include the following with respect to the attached list of self-assessment questions:"1. Assess what your agency has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaks environment.
The US government's 11-page document on how to get various US government agencies to prevent future leaks has been leaked to MSNBC. It doesn't get any more ironic than that. After the various leaks made by WikiLeaks, the US government understandably wants to limit the number of potential leaks, but their strategy apparently isn't implemented yet. Here's the crux of the memo, which was sent this week to senior officials at all agencies that use classified material:
2. Assess weakness or gaps with respect to the attached list of questions, and formulate plans to resolve the issues or to shift or acquire resources to address those weaknesses or gaps.
3. Assess your agency's plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments as well as for all new classified networks, systems, applications, databases, websites or online collaboration environments that are in the planning, implementation, or testing phases - in terms of the completeness and projected effectiveness of all types of security controls called for by applicable law and guidance (including but limited to those issued by the National Security Staff, the Committee on National Security Systems, the National Institute for Standards and Technology).
4. Assess all security, counterintelligence, and information assurance policy and regulatory documents that have been established by and for your department or agency.