Security plan OK'd

Federal Information Technology Security Assessment Framework

The federal CIO Council last week released the final version of an initial

framework designed to let agencies determine where improvements are needed

in their security programs.

The council's security subcommittee developed the Federal Information

Technology Security Assessment Framework to provide agencies with a way

to measure their systems' security against a five-level assessment. The

framework is based on guidance from the Office of Management and Budget,

the National Institute of Standards and Technology and the General Accounting

Office.

"As a CIO, it allows me to focus on the asset itself and identify [not

only] what I'm doing well that may be repeatable someplace else but also

what I need to fix," said Brian Burns, head of the framework working group

and deputy chief information officer at the Department of Health and Human

Services.

Work on the framework began early this year, and subcommittee chairman

John Gilligan intended to give it to Rep. Stephen Horn (R-Calif.) to determine

the security grades he issued in September. But Horn used a questionnaire

developed by his staff, instead, and the governmentwide result was a D-minus.

Now the CIO Council and OMB are recommending that agencies start using

the framework to perform the annual assessments required under the new Government

Information Security Reform Act, passed in October as part of the fiscal

2001 Defense Authorization Act.

NIST is developing a companion to the framework, a self-assessment questionnaire

to be released early in 2001.

Featured

  • Acquisition
    network monitoring (nmedia/Shutterstock.com)

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.