Model may provide security benchmark

The CIO Council on Thursday will present to Congress the draft of a model

that will enable agencies to evaluate and rank their security capabilities.

The council's Security Subcommittee is developing the Information Technology

Security Maturity Framework as a way for agencies, Congress and auditors,

such as the General Accounting Office, to tell how well security has been

incorporated into an agency's business process.

The model also could be used as a benchmark for measuring one agency's

security level against another, an ability that interests Rep. Stephen Horn

(R-Calif.), said John Gilligan, chief information officer at the Energy

Department and co-chairman of the CIO Council subcommittee.

"We've suggested to Congressman Horn that we use something like this

to encourage agencies to address the levels of security," Gilligan said.

Horn led the development of a system to grade agencies on Year 2000

readiness, and he and other members of Congress are looking for a similar

system for grading security capabilities.

The framework is based on the Carnegie Mellon Software Engineering Institute's

Capability Maturity Model. CMMs measure the maturity of an organization's

processes, tracking levels from an ad hoc process known by only a few people

to a repeatable process that has been institutionalized.

The council is working with SEI director Steve Cross to review the comments

on the subcommittee's draft and formalize the framework so it can be used

by agencies and Congress, Gilligan said.

Featured

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected