Bill spells out security responsibilities

Agencies would be required to take full responsibility for the security

of their information systems under a bill approved by the Senate Governmental

Affairs Committee Thursday.

The Government Information Security Act is co-sponsored by committee chairman

Sen. Fred Thompson (R-Tenn.) and ranking member Sen. Joe Lieberman (D-Conn.).

GISA is designed "to delineate much more specifically the responsibilities"

for improving federal information security practices, Thompson said.

The responsibilities for agencies include:

* Making sure federal employees are properly trained in the technology and

policies of their agency.

* Developing and implementing information security policies, procedures

and controls based on the agency's level of risk.

* Ensuring the agency's information security plan is practiced throughout

the life cycle of each agency system.

* Creating a senior agency information security official who will report

to the chief information officer.

* Ensuring that the CIO works with other senior agency administration.

* Performing an annual independent evaluation of all security programs and

practices that the General Accounting Office will review and report to Congress.

The bill places oversight responsibility for government security under the

deputy director for management at the Office of Management and Budget. Thompson

and Lieberman want OMB to have responsibility for aspects of the national

security agencies as well, but they clearly defined the line where the secretary

of Defense and the director of Central Intelligence will still maintain

control and responsibility.

"We should be able to deal with both, and it should not be controversial,"

Lieberman said. "We have negotiated with some of the security agencies about

their concerns and have been able to accommodate the while maintaining the

concentration of responsibility at OMB."

The bill (S.1993) also picks up on several security initiatives the president

proposed in January in the National Plan for Information Systems Protection.

Key among these is providing authorization to agencies for the federal cyberservice

initiative, which will train and recruit information security personnel,

Lieberman said.

MORE INFO

A copy of the amended bill is not yet available on the World Wide Web, butthe original version is available here

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.