Internet Protocol Version 6: Federal Agencies Need to Plan for Transition and Manage Security Risks. GAO-05-471, May 20. http://www.gao.gov/cgi-bin/getrpt?GAO-05-471
Highlights - http://www.gao.gov/highlights/d05471high.pdf

Results in Brief

The key characteristics of IPv6 are designed to increase address space, promote flexibility and functionality, and enhance security. For example, using 128-bit addresses rather than 32-bit addresses dramatically increases the available Internet address space from approximately 4.3 billion in IPv4 to approximately 3.4 × 10^38 in IPv6. Other characteristics increase flexibility and functionality, including improved routing of data, enhanced mobility features for wireless, configuration capabilities to ease network administration, and improved quality of service. Further, IPv6 integrates Internet protocol security to improve authentication and confidentiality of information being transmitted. These characteristics offer various enhancements relative to IPv4 and are expected to enable advanced Internet communications and foster new software applications.

Key planning considerations for federal agencies include recognizing that an IPv6 transition is already under way because IPv6-capable software and equipment exist in agency networks. Other important agency planning considerations include: developing inventories and assessing risks; creating business cases that identify organizational needs and goals; establishing policies and enforcement mechanisms; determining costs; and identifying timelines and methods for transition. As we have previously reported, planning for system migration and security are often problematic in federal agencies. However, proactive integration of IPv6 requirements into federal contracts may reduce the costs and complexity of transition by ensuring that federal applications can operate in an IPv6 environment without costly upgrades. Managing the security aspects of the transition is another consideration, since IPv6 can introduce additional security risks to agency information. For example, attackers of federal networks could abuse features to allow unauthorized traffic or make agency computers directly accessible from the Internet.

Recognizing the importance of planning, DOD has made progress in developing a business case, policies, timelines, and methods for transitioning to IPv6. These efforts include creating a transition office, developing guidance and policies, drafting transition plans, and fielding a pilot. Despite these accomplishments, challenges remain, including finalizing plans, enforcing policy, and monitoring for unauthorized IPv6 traffic. Regarding other major federal agencies, most report little progress in planning for an IPv6 transition. For example, 22 agencies lack business cases; 21 lack transition plans; 19 have not inventoried IPv6 software and equipment; and 22 have not developed cost estimates.

Transitioning to IPv6 is a pervasive and significant challenge for federal agencies that could result in significant benefits to agency services. But such benefits may not be realized if action is not taken to ensure that agencies are addressing key planning considerations or security issues. Accordingly, we are recommending, among other things, that the Director of the Office of Management and Budget (OMB) instruct the federal agencies to begin addressing key IPv6 planning considerations, and that federal agency heads take immediate actions to address the near-term security risks. In commenting on a draft of this report, officials from OMB, DOD, and Commerce generally agreed with its contents and provided technical corrections, which we incorporated, as appropriate.
