Congress moves to enforce new systems security planning law


By William Jackson

GCN Staff

MARCH 5—A congressional panel has asked 15 agencies for proof of compliance with a law requiring security auditing and penetration testing of government systems.

A House Energy and Commerce subcommittee sent a letter on Friday requesting the information. The law in question is the Government Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, which former president Bill Clinton signed in October.

The law requires agencies to develop, implement and review comprehensive information security programs, and submit their plans for approval to the Office of Management and Budget. Rep. Jim Greenwood (R-Pa.), chairman of the Energy and Commerce Oversight and Investigations Subcommittee, sent the letter and asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; reviews of programs by OMB; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and departments of Commerce, Energy, and Health and Human Services.

Greenwood asked the 15 agencies to respond by March 16.

Congress passed the law in the wake of continuing reports that government systems were vulnerable to insider attacks, outside penetration, and damage from viruses and other malicious code. Greenwood said in his letter that 'the committee intends to continue its cybersecurity reviews of federal agencies and programs.'

