Evans: No big changes in security guidance

Karen Evans, the Office of Management and Budget’s administrator for e-government and information technology, testified today that she has no plans for making major revisions to OMB's information security policy guidance, despite some lawmakers' questions about its effectiveness.

But Evans said she would be willing to consider additions or changes that would make annual security evaluations more consistent among federal agencies. The evaluations are required under the Federal Information Security Management Act of 2002, which OMB administers.

Rep. Tom Davis (R-Va.), who conducted today's congressional hearing, questioned the quality of OMB's guidance and whether a standard auditing approach is necessary in light of the federal government's D-plus grade on information security.

Members of Davis' Government Reform Committee are considering whether agency inspectors general who conduct security evaluations might have a need for information security audit standards, similar to those used for auditing financial management systems.

Because federal IGs have different levels of resources and expertise, any new standards that would support greater consistency would be something that OMB could support, Evans said.

Davis later wanted to know if the Homeland Security Department has unique problems that make it especially difficult for DHS to get a good security grade. DHS is responsible for the nation’s cybersecurity but has received an F on its own security report card two years in a row.

"What’s holding them up?" Davis asked Steve Cooper, the department's CIO.

Cooper responded that the department has procedures in place that will enable it to earn a respectable grade by 2006.

Davis thanked Cooper for his efforts at DHS. Cooper is leaving the top CIO position at DHS later this month.
