Sen. Edwards' IT bill would bolster security
- By William Jackson
- Jan 24, 2003
Sen. John Edwards
The National Cyber Security Leadership Act of 2003, introduced this month by Sen. John Edwards, complements the Federal Information Security Management Act, which was part of last year's homeland security bill.
The North Carolina Democrat said he was prompted to introduce the bill, S 187, by the latest round of IT security evaluations from the Office of Management and Budget, the General Accounting Office and Congress. He called the government's lax systems security a poor example that gives federal contractors little incentive to upgrade their security.
The bill would require agency CIOs to identify vulnerabilities in systems, establish goals for eliminating them and evaluate performance at least quarterly.
The bill authorizes $1 million in fiscal 2004 funding for the National Institute of Standards and Technology to develop guidelines for fixing vulnerabilities within six months of agencies' assessments.
The Federal Information Security Management Act requires agencies to assess IT risks and provide protection commensurate with the risks.
William Jackson is freelance writer and the author of the CyberEye blog.