Bill spells out security responsibilities

Agencies would be required to take full responsibility for the security

of their information systems under a bill approved by the Senate Governmental

Affairs Committee Thursday.

The Government Information Security Act is co-sponsored by committee chairman

Sen. Fred Thompson (R-Tenn.) and ranking member Sen. Joe Lieberman (D-Conn.).

GISA is designed "to delineate much more specifically the responsibilities"

for improving federal information security practices, Thompson said.

The responsibilities for agencies include:

* Making sure federal employees are properly trained in the technology and

policies of their agency.

* Developing and implementing information security policies, procedures

and controls based on the agency's level of risk.

* Ensuring the agency's information security plan is practiced throughout

the life cycle of each agency system.

* Creating a senior agency information security official who will report

to the chief information officer.

* Ensuring that the CIO works with other senior agency administration.

* Performing an annual independent evaluation of all security programs and

practices that the General Accounting Office will review and report to Congress.

The bill places oversight responsibility for government security under the

deputy director for management at the Office of Management and Budget. Thompson

and Lieberman want OMB to have responsibility for aspects of the national

security agencies as well, but they clearly defined the line where the secretary

of Defense and the director of Central Intelligence will still maintain

control and responsibility.

"We should be able to deal with both, and it should not be controversial,"

Lieberman said. "We have negotiated with some of the security agencies about

their concerns and have been able to accommodate the while maintaining the

concentration of responsibility at OMB."

The bill (S.1993) also picks up on several security initiatives the president

proposed in January in the National Plan for Information Systems Protection.

Key among these is providing authorization to agencies for the federal cyberservice

initiative, which will train and recruit information security personnel,

Lieberman said.


A copy of the amended bill is not yet available on the World Wide Web, butthe original version is available here


  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

Stay Connected