Sen. Edwards introduces information security bill

Sen. John Edwards has introduced a bill that would require agencies to identify vulnerabilities in their systems and set up timetables for eliminating them.

The North Carolina Democrat's National Cyber Security Leadership Act of 2003 would also mandate the use of IT security standards and guidelines established by the National Institute of Standards and Technology.

The bill, introduced Jan. 16, has been referred to the Senate Governmental Affairs Committee.

Edwards said he introduced S 187 because of the dismal performance of many agencies in the most recent rounds of evaluations by the Office of Management and Budget, the General Accounting Office, and the House Government Reform Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. He said the government's lax efforts set a poor example for the private sector and offer little incentive for federal contractors to upgrade security.

The bill would require agency CIOs to:

  • Identify significant vulnerabilities in IT systems

  • Establish performance goals for eliminating the weaknesses

  • Evaluate performance at least quarterly

NIST would be charged with developing guidelines within six months to address the vulnerabilities. The guidelines could become mandatory unless agencies received exemptions. The bill would authorize $1 million next year for the NIST work.

The bill complements the Federal Information Security Management Act, which was incorporated in the Homeland Security Act of 2002.

FISMA requires agencies to assess risks to IT systems and to provide 'information security protections commensurate with the risk.' It also requires development of security programs, annual evaluations of the programs and annual reports to OMB. The OMB director, who must see that IT security is incorporated adequately in each agency's programs and budgets, must make a status report to Congress each year.

FISMA also requires development of NIST security standards and guidelines but does not make their use mandatory by agencies.

About the Author

William Jackson is a Maryland-based freelance writer.

