Congress moves to enforce new systems security planning law

Congress moves to enforce new systems security planning law

By William Jackson

GCN Staff

MARCH 5—A congressional panel has asked 15 agencies for proof of compliance with a law requiring security auditing and penetration testing of government systems.

A House Energy and Commerce subcommittee sent a letter on Friday requesting the information. The law in question is the Government Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, which former president Bill Clinton signed in October.

The law requires agencies to develop, implement and review comprehensive information security programs, and submit their plans for approval to the Office of Management and Budget. Rep. Jim Greenwood (R-Pa.), chairman of the Energy and Commerce Oversight and Investigations Subcommittee, sent the letter and asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; reviews of programs by OMB; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and departments of Commerce, Energy, and Health and Human Services.

Greenwood asked the 15 agencies to respond by March 16.

Congress passed the law in the wake of continuing reports that government systems were vulnerable to insider attacks, outside penetration, and damage from viruses and other malicious code. Greenwood said in his letter that 'the committee intends to continue its cybersecurity reviews of federal agencies and programs.'


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected