Morella pushes security bill again

Computer Security Enhancement Act of 2001

Rep. Connie Morella (R-Md.) reintroduced a bill last week to make what many federal experts call much-needed updates to the 1987 Computer Security Act.

The Computer Security Enhancement Act of 2001 (H.R. 1259) is the third version of a bill that Morella and others have introduced since 1997. The last one passed the House in October 2000 but did not have time to get through the Senate before the congressional session ended.

Under the Computer Security Act, the National Institute of Standards and Technology is responsible for guiding and assisting civilian agencies' efforts to secure their systems and programs.

However, the law does not require civilian agencies to follow the NIST guidance. Federal security experts at NIST, the National Security Agency, the General Accounting Office and others told Morella at a hearing last year that such a requirement is the key to improving the overall level of, security in the federal government.

Following this advice, the new bill would provide NIST the ability to enforce its guidance. NIST's role would include:

Emphasizing the development of technology-neutral policy guidelines for computer security and electronic authentication practices. Promoting the use of commercially available security products that have been tested by federally accredited laboratories. Developing qualitative and quantitative measures to assess the quality of information security and privacy programs at federal agencies. Evaluating agencies' existing information security and privacy programs. The bill also includes a requirement for NIST to submit an annual report to Congress on the findings of the agency security evaluations. In addition, the Government Information Security Reform Act, signed in October as part of the fiscal 2001 Defense Authorization Act, requires agencies to perform annual security self-assessments and requires agency inspectors general to perform annual independent security assessments.

Findings from both of these evaluations are to be reported to the Office of Management and Budget, which will compile them into a governmentwide report to Congress.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected