Model may provide security benchmark

The CIO Council on Thursday will present to Congress the draft of a model

that will enable agencies to evaluate and rank their security capabilities.

The council's Security Subcommittee is developing the Information Technology

Security Maturity Framework as a way for agencies, Congress and auditors,

such as the General Accounting Office, to tell how well security has been

incorporated into an agency's business process.

The model also could be used as a benchmark for measuring one agency's

security level against another, an ability that interests Rep. Stephen Horn

(R-Calif.), said John Gilligan, chief information officer at the Energy

Department and co-chairman of the CIO Council subcommittee.

"We've suggested to Congressman Horn that we use something like this

to encourage agencies to address the levels of security," Gilligan said.

Horn led the development of a system to grade agencies on Year 2000

readiness, and he and other members of Congress are looking for a similar

system for grading security capabilities.

The framework is based on the Carnegie Mellon Software Engineering Institute's

Capability Maturity Model. CMMs measure the maturity of an organization's

processes, tracking levels from an ad hoc process known by only a few people

to a repeatable process that has been institutionalized.

The council is working with SEI director Steve Cross to review the comments

on the subcommittee's draft and formalize the framework so it can be used

by agencies and Congress, Gilligan said.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected