Congress moves to enforce new systems security planning law

Congress moves to enforce new systems security planning law

By William Jackson

GCN Staff

MARCH 5—A congressional panel has asked 15 agencies for proof of compliance with a law requiring security auditing and penetration testing of government systems.

A House Energy and Commerce subcommittee sent a letter on Friday requesting the information. The law in question is the Government Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, which former president Bill Clinton signed in October.

The law requires agencies to develop, implement and review comprehensive information security programs, and submit their plans for approval to the Office of Management and Budget. Rep. Jim Greenwood (R-Pa.), chairman of the Energy and Commerce Oversight and Investigations Subcommittee, sent the letter and asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; reviews of programs by OMB; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and departments of Commerce, Energy, and Health and Human Services.

Greenwood asked the 15 agencies to respond by March 16.

Congress passed the law in the wake of continuing reports that government systems were vulnerable to insider attacks, outside penetration, and damage from viruses and other malicious code. Greenwood said in his letter that 'the committee intends to continue its cybersecurity reviews of federal agencies and programs.'

inside gcn

  • artificial intelligence (ktsdesign/Shutterstock.com)

    Machine learning with limited data

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group