Commerce sets infosec policy

The Commerce Department chief information officer last week issued the first departmentwide information technology security policy that sets comprehensive ground rules for protecting and accessing the department's systems.

The policy explains the department's IT security program requirements and provides guidance on the implementation of IT security programs within Commerce.

The department has been making progress on IT security since receiving critical reports from the General Accounting Office and Congress in 2001 and 2002, said Thomas Pyke Jr., the CIO at Commerce. For instance, the department now conducts vulnerability testing of its own systems and provides training in IT security for employees and contractors.

However, enhancing IT security is an ongoing process, Pyke said. "We have to be constantly vigilant."

The policy lays out in detail such things as IT security roles and responsibilities and controls that must be included in the department's IT security programs, such as risk management and contingency planning.

Commerce operating units may take the policy and develop more detailed supplemental guidance for their employees, Pyke said.

Pyke said he has asked the heads of operating units and CIOs in the department to notify the Commerce IT security program manager by June 30 that they have met the minimum mandatory standards laid out in the policy or that they will meet them by Sept. 30.
