Commerce sets infosec policy

The Commerce Department chief information officer last week issued the first departmentwide information technology security policy that sets comprehensive ground rules for protecting and accessing the department's systems.

The policy explains the department's IT security program requirements and provides guidance on the implementation of IT security programs within Commerce.

The department has been making progress on IT security since receiving critical reports from the General Accounting Office and Congress in 2001 and 2002, said Thomas Pyke Jr., the CIO at Commerce. For instance, the department now conducts vulnerability testing of its own systems and provides training in IT security for employees and contractors.

However, enhancing IT security is an ongoing process, Pyke said. "We have to be constantly vigilant."

The policy lays out in detail such things as IT security roles and responsibilities and controls that must be included in the department's IT security programs, such as risk management and contingency planning.

Commerce operating units may take the policy and develop more detailed supplemental guidance for their employees, Pyke said.

Pyke said he has asked the heads of operating units and CIOs in the department to notify the Commerce IT security program manager by June 30 that they have met the minimum mandatory standards laid out in the policy or that they will meet them by Sept. 30.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.