Federal Computer Week
May 3, 2002
By Megan Lisagor
Rep. Janice Schakowsky (D-Ill.) intends to offer an amendment to a bill
that is designed to give congressional oversight of information security
a boost.
"There does seem to be one significant hole in this legislation," Schakowsky
said, referring to the Federal Information Security Management Act (FISMA).
"As we learned in confronting the Y2K problem, we can't be sure all
of the systems are fixed until we know where they all are," Schakowsky,
ranking member of the House Government Reform Committee's Government Efficiency,
Financial Management and Intergovernmental Relations Subcommittee, said
in a statement May 2.
"The first thing most agencies had to do to prepare for the turn of
the millennium was to create an inventory of all computer systems.... Very
few agencies have kept the inventory current," she said.
The amendment would require all agencies to maintain an up-to-date inventory
of their systems and to develop a plan to test every system during a five-year
period.
"Awareness is where we begin with security," Ron Miller, the Federal
Emergency Management Agency's chief information officer, said at a joint
hearing on FISMA.
FISMA would update and extend the Government Information Security Reform
Act of 2000, which expires Nov. 29. GISRA combined several federal security
policies into a single law and mandated an annual assessment to track compliance.
"Continued authorization of federal information security legislation
is essential to sustain agencies' efforts to implement good security practices
and to identify and correct significant weaknesses," said Robert Dacey,
director of information security at the General Accounting Office.
Under GISRA, agencies provide detailed security reports to the Office
of Management and Budget, which then briefs Congress.
A GAO report released at the hearing made recommendations to OMB that
include clarifying the scope of the review.
"I am not satisfied with our federal government's overall performance
in securing our information infrastructure," said Rep. Tom Davis (R-Va.),
who introduced FISMA March 6. "The bottom line is that we are still too
vulnerable."
Under the bill, agencies would follow security standards set by the
National Institute of Standards and Technology.
Benjamin Wu, the Commerce Department's deputy undersecretary for technology,
spoke on behalf of NIST and said the agency is up to the task.