policy checklist

State CIOs stress security, emerging tech and IT consolidation for 2018

The National Association of State CIOs has outlined its legislative priorities for 2018, focusing on harmonizing federal cybersecurity regulations, recognizing state authority in emerging technology and ensuring safeguards for shared intergovernmental data.

State agencies administer many federal programs and frequently share tax information, Social Security numbers and medical records with their federal partners. Because federal agencies each have their own cybersecurity regulations, states spend an inordinate amount of time and staff on compliance. For instance, federal requirements for how IT systems manage unsuccessful login attempts vary substantially between the IRS Publication 1075, the Social Security Administration’s Electronic information Exchange Security Requirements and Procedures and the FBI’s Criminal Justice Information Services policy.

These multiple mandates -- and accompanying audits of state agency IT environments -- strain states'  limited staff resources and finance and  hinder their IT consolidation efforts.

“State CIOs continue to seek efficiencies within state government through efforts like IT consolidation/optimization, which for my state has reaped over $351 million in savings and IT cost avoidance,” NASCIO President and Oklahoma CIO Bo Reese said. “However, voluminous and conflicting federal cybersecurity regulations often pose a challenge in our ability to do so, and it is our hope that our federal partners will work with state CIOs to harmonize regulations and normalize the audit process.”

In November 2017, NASCIO and the National Governors Association asked the federal Office of Management and Budget to work with state leadership to harmonize the regulations and standardize the federal audit process.

State CIOs also want federal regulators to back off when it comes to emerging technologies.

NASCIO also considers states to be laboratories where artificial intelligence, blockchain, internet of things, unmanned aerial systems and connected vehicles can be explored.   To encourage new technological advances, federal regulators should delay “premature” regulations and frameworks that “could stifle innovation and introduce unintended consequences,” according to a fact sheet.

When it comes to better data sharing across agencies, NASCIO supports using the National Information Exchange Model, which provides consistent, reusable and repeatable data terms, definitions, and processes.  NIEM gives state agencies a way to directly share information in the context of an open-source community and provides free online training for program managers, developers and solution providers.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected