Council framing agencies' security picture

CIO Council's Security, Privacy and Critical Infrastructure Protection Committee

With the availability of a tool to help agencies assess the adequacy of their security programs, the federal CIO Council is asking the administration to encourage agencies to reach a common baseline by next summer.

The council's Security Subcommittee is close to releasing its Federal Information Security Assessment Framework. The methodology is designed to help agencies measure their programs on five levels and then develop plans to improve their security.

The framework has undergone several drafts, and the first version should be released before the end of the month.

The council is asking the Office of Management and Budget to recommend that agencies use the framework to complete an initial security assessment by March 2001 and reach the framework's second level by summer, said John Gilligan, co-chairman of the council's Security, Privacy and Critical Infrastructure Protection Committee.

The framework was intended to help Congress, especially Rep. Stephen Horn (R-Calif.), grade agencies' security programs. But Horn proceeded with the grades — the government received a D-minus overall — and now agencies can use the framework as a guide while OMB tries to improve federal security, Gilligan said.

The next version of the framework will include a checklist being developed by the National Institute of Standards and Technology. The checklist will identify criteria that agencies need to meet to comply with the level designations, said Brian Burns, deputy CIO at the Department of Health and Human Services and chairman of the council's security framework working group.

