Putnam drafting Clinger-Cohen amendment
- By Jason Miller
- Feb 23, 2004
Rep. Adam Putnam is working on a Clinger-Cohen Act amendment to add cybersecurity and enterprise architecture requirements.
The Florida Republican, chairman of the Government Reform Subcommittee on Technology, Information Policy, Intragovernmental Relations and the Census, wants to make it mandatory for agencies to include cybersecurity efforts and architecture models into their IT oversight and decision-making processes.
'There is a link between IT security and the Federal Enterprise Architecture and how agencies conduct IT oversight,' subcommittee staff director Bob Dix said today. 'We think it is important to refer to the FEA and IT security as explicit parts of IT oversight and management.'
Subcommittee staff members have met with administration and agency officials about the need for possibly amending the 1996 law, and Putnam has received support from committee chairman Rep. Tom Davis (R-Va.), Dix said at a breakfast in Fairfax, Va., sponsored by the National Business Promotions and Conferences Inc. of Herndon, Va.
'We plan to move it pretty quickly after the staff makes recommendations,' Dix said. 'We want Clinger-Cohen to be relevant with what is the current trend in the IT decision-making process.'
The subcommittee also is reviewing the Federal Information Security Management Act to see if there is a need to add an IT oversight and management provision, he said.
Meanwhile, the Corporate Information Security Working Group will submit recommendations to Putnam next Wednesday, March 3, about how the private sector can improve its cybersecurity. The working group has been studying five areas:Setting best practices for private-sector IT securityEncouraging companies to adopt the best practicesCreating a national IT security education campaignIncluding IT security in procurement practices Sharing intrusion information and performance metrics.
'From talking to agencies, we've come to learn better IT security is not about money or resources, but commitment and prioritization,' Dix said.