Sen. Edwards introduces information security bill

Sen. John Edwards has introduced a bill that would require agencies to identify vulnerabilities in their systems and set up timetables for eliminating them.

The North Carolina Democrat's National Cyber Security Leadership Act of 2003 would also mandate the use of IT security standards and guidelines established by the National Institute of Standards and Technology.

The bill, introduced Jan. 16, has been referred to the Senate Governmental Affairs Committee.

Edwards said he introduced S 187 because of the dismal performance of many agencies in the most recent rounds of evaluations by the Office of Management and Budget, the General Accounting Office, and the House Government Reform Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. He said the government's lax efforts set a poor example for the private sector and offer little incentive for federal contractors to upgrade security.

The bill would require agency CIOs to:

  • Identify significant vulnerabilities in IT systems

  • Establish performance goals for eliminating the weaknesses

  • Evaluate performance at least quarterly.

  • NIST would be charged with developing guidelines within six months to address the vulnerabilities. The guidelines could become mandatory unless agencies received exemptions. The bill would authorize $1 million next year for the NIST work.

    The bill complements the Federal Information Security Management Act, which was incorporated in the Homeland Security Act of 2002.

    FISMA requires agencies to assess risks to IT systems and to provide 'information security protections commensurate with the risk.' It also requires development of security programs, annual evaluations of the programs and annual reports to OMB. The OMB director, who must see that IT security is incorporated adequately in each agency's programs and budgets, must make a status report to Congress each year.

    FISMA also requires development of NIST security standards and guidelines but does not make their use mandatory by agencies.

    About the Author

    William Jackson is a Maryland-based freelance writer.


    • 2020 Government Innovation Awards
      Government Innovation Awards -

      21 Public Sector Innovation award winners

      These projects at the federal, state and local levels show just how transformative government IT can be.

    • Federal 100 Awards
      cheering federal workers

      Nominations for the 2021 Fed 100 are now being accepted

      The deadline for submissions is Dec. 31.

    Stay Connected