Congress moves to enforce new systems security planning law

By William Jackson

GCN Staff

MARCH 5—A congressional panel has asked 15 agencies for proof of compliance with a law requiring security auditing and penetration testing of government systems.

A House Energy and Commerce subcommittee sent a letter on Friday requesting the information. The law in question is the Government Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, which former president Bill Clinton signed in October.

The law requires agencies to develop, implement and review comprehensive information security programs, and submit their plans for approval to the Office of Management and Budget. Rep. Jim Greenwood (R-Pa.), chairman of the Energy and Commerce Oversight and Investigations Subcommittee, sent the letter and asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; reviews of programs by OMB; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and departments of Commerce, Energy, and Health and Human Services.

Greenwood asked the 15 agencies to respond by March 16.

Congress passed the law in the wake of continuing reports that government systems were vulnerable to insider attacks, outside penetration, and damage from viruses and other malicious code. Greenwood said in his letter that 'the committee intends to continue its cybersecurity reviews of federal agencies and programs.'
