OPM emphasizes security training

The Office of Personnel Management is asking agencies to make sure employees comply with computer security guidelines and training.

In a proposed Federal Register rule last week, OPM director Kay Coles James proposed requiring employees to check a National Institute of Standards and Technology site, http://csrc.nist.gov, for the latest information about IT security and training standards.

'These regulations afford agencies the opportunity to be immediately aware of and come into timely compliance with changing computer security guidelines and requisite training,' James said. 'The proposal provides users more timely access to the most current applicable definitions and guidelines.'

OPM revised the regulations to require agencies to:

  • Identify employees with significant security responsibilities and provide role-specific training
  • Make all employees and contractors who use IT study security awareness materials at least annually
  • Train executives in security basics as well as policy-level planning
  • Train program managers, CIOs and IT security personnel in security basics, planning, system security management, lifecycle and risk management, and contingency planning
  • Give new employees IT security guidance within 60 days
  • Hold refresher courses for employees based on need and IT security changes

Comments are due to [email protected] by Oct. 6.
