Congress moves to enforce new systems security planning law

By William Jackson

GCN Staff

MARCH 5—A congressional panel has asked 15 agencies for proof of compliance with a law requiring security auditing and penetration testing of government systems.

A House Energy and Commerce subcommittee sent a letter on Friday requesting the information. The law in question is the Government Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, which former president Bill Clinton signed in October.

The law requires agencies to develop, implement and review comprehensive information security programs, and submit their plans for approval to the Office of Management and Budget. Rep. Jim Greenwood (R-Pa.), chairman of the Energy and Commerce Oversight and Investigations Subcommittee, sent the letter and asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; reviews of programs by OMB; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and departments of Commerce, Energy, and Health and Human Services.

Greenwood asked the 15 agencies to respond by March 16.

Congress passed the law in the wake of continuing reports that government systems were vulnerable to insider attacks, outside penetration, and damage from viruses and other malicious code. Greenwood said in his letter that 'the committee intends to continue its cybersecurity reviews of federal agencies and programs.'

