Agencies told to document security work

Agencies told to document security work

The House Energy and Commerce Subcommittee on Oversight and Investigations has asked 15 agencies for proof of compliance with a new systems security requirement.

The Information Security Reform Act, a rider to the fiscal 2001 Defense Authorization Act, directed agencies to develop comprehensive information security programs. The agencies' plans are subject to approval by the Office of Management and Budget.

A March 2 letter from the subcommittee's chairman, Rep. Jim Greenwood (R-Pa.), asked for records relating to vulnerability assessments; audits and testing of security plans; incident detection and response plans; OMB reviews; and the status of internal reviews.

The targeted agencies are the Centers for Disease Control and Prevention, Consumer Product Safety Commission, Environmental Protection Agency, Federal Communications Commission, Federal Energy Regulatory Commission, Federal Trade Commission, Food and Drug Administration, Health Care Financing Administration, National Highway Traffic Safety Administration, National Institutes of Health, Nuclear Regulatory Commission, Office of the U.S. Trade Representative, and the departments of Commerce, Energy, and Health and Human Services.

'W. Jackson

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above