The National Association of State CIOs has outlined its legislative priorities, focusing on harmonizing federal cybersecurity regulations, recognizing state authority in emerging technology and ensuring safeguards for shared intergovernmental data.
The National Association of State CIOs has outlined its legislative priorities for 2018, focusing on harmonizing federal cybersecurity regulations, recognizing state authority in emerging technology and ensuring safeguards for shared intergovernmental data.
State agencies administer many federal programs and frequently share tax information, Social Security numbers and medical records with their federal partners. Because federal agencies each have their own cybersecurity regulations, states spend an inordinate amount of time and staff on compliance. For instance, federal requirements for how IT systems manage unsuccessful login attempts vary substantially between the IRS Publication 1075, the Social Security Administration’s Electronic information Exchange Security Requirements and Procedures and the FBI’s Criminal Justice Information Services policy.
These multiple mandates -- and accompanying audits of state agency IT environments -- strain states' limited staff resources and finance and hinder their IT consolidation efforts.
“State CIOs continue to seek efficiencies within state government through efforts like IT consolidation/optimization, which for my state has reaped over $351 million in savings and IT cost avoidance,” NASCIO President and Oklahoma CIO Bo Reese said. “However, voluminous and conflicting federal cybersecurity regulations often pose a challenge in our ability to do so, and it is our hope that our federal partners will work with state CIOs to harmonize regulations and normalize the audit process.”
In November 2017, NASCIO and the National Governors Association asked the federal Office of Management and Budget to work with state leadership to harmonize the regulations and standardize the federal audit process.
State CIOs also want federal regulators to back off when it comes to emerging technologies.
NASCIO also considers states to be laboratories where artificial intelligence, blockchain, internet of things, unmanned aerial systems and connected vehicles can be explored. To encourage new technological advances, federal regulators should delay “premature” regulations and frameworks that “could stifle innovation and introduce unintended consequences,” according to a fact sheet.
When it comes to better data sharing across agencies, NASCIO supports using the National Information Exchange Model, which provides consistent, reusable and repeatable data terms, definitions, and processes. NIEM gives state agencies a way to directly share information in the context of an open-source community and provides free online training for program managers, developers and solution providers.