The OCIO maintains a computer security incident response capability to address incidents across the department. The DOL Computer Security Incident Response Capability (CSIRC) functions in dual modes – proactive and reactive. The team proactively monitors federal and commercial computer incident response and homeland security groups (FedCIRC, CERT, etc.) to determine potential threats to DOL systems and newly discovered vulnerabilities in DOL systems and applications. The team then notifies the security officers at each component agency, and, as required, collects feedback on the mitigation of new vulnerabilities and threats.

Furthermore, the OCIO CSIRT is responsible for response to anomalies and incidents related to computer security in DOL systems and applications. The OCIO coordinates anomaly reporting to determine if potential threat activity is directed against one component agency or across all of DOL. Additionally, the OCIO is responsible for coordinating incident reporting to outside organizations, including law enforcement and government-wide incident response.

Tags: Government IT security