Department of State

Department of State

The Department of State plays the lead role in developing and implementing the President’s foreign policy. Major responsibilities include United States representation abroad, foreign assistance, foreign military training programs, countering international crime, and a wide assortment of services to U.S. citizens and foreign nationals seeking entrance to the U.S.

The U.S. maintains diplomatic relations with approximately 180 countries — each posted by civilian U.S. Foreign Service employees — as well as with international organizations. At home, more than 5,000 civil employees carry out the mission of the Department.

The Secretary of State serves as the President’s top foreign policy adviser, and oversees 30,000 employees and a budget of approximately $35 billion.

Cyber/Information Technology

  • The Department of State has a Cybersecurity Incident Program (CISP), initiated 10 Jan 2007, to “enhance the protection of DoS’s cyber infrastructure by identifying, evaluating, and assigning responsibility for breaches of cyber security.”
  • U.S. Department of State’s bureaus of Information Resource Management (IRM) and Diplomatic Security (DS) received NSA’s Frank Byron Rowlett Award for outstanding excellence in information systems security in Nov 2009
  • State Department looking for Information Management Tools to protect the visa and passport issuing system.
  • John Streufert, CISO of the department, is highly regarded for his attention to the 20 most critical security controls as articulated by the Consensus Audit Guidelines (CAG) and using the Security Content Automation Protocol (SCAP). FISMA type monitoring is also done, but the shift to continuous monitoring has been critical to enhancing security posture.

Recent Trends

  • With a program of continuous monitoring, distributed responsibility for IT security and focusing on critical controls and vulnerabilities, the department has significantly improved its security posture while lowering the cost
  • The number of high-risk security vulnerabilities was reduced by 90 percent from July 2008 to July 2009 and the cost of certifying and accrediting IT systems required under FISMA was cut by 62 percent by continuously updating security data
  • They perform scans every two to 15 days rather than every three years, and each of the department’s 260 embassies and 40 domestic offices are regularly scored on their security posture and assigned a grade every 36 hours on a scale of A+ to F-.
  • SafeNet hosting 2010 DoS Cyber Forum Nov 30,


The department has a global mission with a global network and technology in embassies, consulates and offices in every country. These networks must be protected. So must the mobile devices in use throughout the department.

Items of Interest

State Department, Auditors Clash on IT Security Monitoring

GAO found that the State Department’s IT security control risk-scoring program (iPost) does not sufficiently detail security vulnerabilities, does not update data completely or frequently enough and does not have processes in place to validate its data. Also, this system only addresses Windows systems, not routers, switches or other operating systems. iPost, State’s application for monitoring, covers all of their systems across the globe. Enterprise management and monitoring software feed data into iPost. This system is clearly in need of a re-vamp.

International Law covers threats, Cyber Czar Says

Christopher Painter, coordinator for cyber issues for State Department, says the need is for “a discussion around the norms that are in cyberspace, what the rules of that road are, and we need to build a consensus around those topics.”

State services migrating to cloud

State Department will migrate the following services to the cloud

  • Website Hosting
  • Program Management
  • Electronic Library

Christopher Painter as Coordinator of Cyber Issues

Former White House cyber official as well FBI Deputy Assistant Direct of Cyber Division.