Model may provide security benchmark

The CIO Council on Thursday will present to Congress the draft of a model that will enable agencies to evaluate and rank their security capabilities.

The council's Security Subcommittee is developing the Information Technology Security Maturity Framework as a way for agencies, Congress and auditors, such as the General Accounting Office, to tell how well security has been incorporated into an agency's business process.

The model also could be used as a benchmark for measuring one agency's security level against another, an ability that interests Rep. Stephen Horn (R-Calif.), said John Gilligan, chief information officer at the Energy Department and co-chairman of the CIO Council subcommittee.

"We've suggested to Congressman Horn that we use something like this to encourage agencies to address the levels of security," Gilligan said.

Horn led the development of a system to grade agencies on Year 2000 readiness, and he and other members of Congress are looking for a similar system for grading security capabilities.

The framework is based on the Carnegie Mellon Software Engineering Institute's Capability Maturity Model. CMMs measure the maturity of an organization's processes, tracking levels from an ad hoc process known by only a few people to a repeatable process that has been institutionalized.

The council is working with SEI director Steve Cross to review the comments on the subcommittee's draft and formalize the framework so it can be used by agencies and Congress, Gilligan said.
