Carper introduces bills to reform IT procurement, FISMA

A Senate subcommittee chairman introduced legislation on Tuesday that would alter how agencies ensure the security of their information technology systems and create a new office in the White House with the power to oversee federal IT security. The legislation would also reform the IT acquisition process through increased accountability and transparency.

Sen. Thomas Carper (D-Del.), chairman of the Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services, and International Security Subcommittee, introduced the legislation as two separate bills.

One of the measures focuses on information security and is designed to improve the Federal Information Security Management Act (FISMA) to deal with complaints that the law doesn’t do enough to ensure federal IT security. Meanwhile, a separate bill would increase oversight of IT investments and reduce cost overruns.

The information security-focused bill would establish a new National Office for Cyberspace to be part of the Executive Office of the President. That office would coordinate efforts to secure the country’s information infrastructure and establish a comprehensive national cyberspace strategy, according to a draft of the bill. That office would also oversee policies, principles, standards, and guidelines on information security.

The director of the new cyberspace office would oversee governmentwide operational evaluations on a frequent and recurring basis to make sure that agencies monitor, detect, analyze, protect and report known vulnerabilities and attacks. The director would also have to submit a series of reports to Congress.

In addition, the Commerce Department would also establish standards and guidelines for government information systems that mirror, as much as possible, standards used for national security systems to enhance information security and information sharing, the draft said.

The legislation would also give chief information security officers the authority to ensure that agencies can -- on an automated and continuous basis -- detect, report and mitigate cyber incidents. Each agency would also have to put in place its own information security program that has been approved by the director of the new White House office, according to the draft. Agencies would also be responsible for annual reports and evaluations.

Meanwhile, the bill focused on IT procurement would establish a Web site that would include information on the cost, schedule, and performance of all major government IT investments. The site would also include trend information on IT projects and information on investments that have exceeded their costs, schedules, or performance by more than ten percent of original plans.

If an IT project is determined to have a cost, schedule, or performance variance of at least 40 percent from original projections, the agency would be required to develop a “remedial action plan” to fix the problem. Failure to fix the problem by the required deadline would mean “additional funds may not be obligated to support expenditures associated with the project” until the requirements have been fulfilled, the draft said.

In addition, the IT acquisition measure would require chief information officers to create a program to improve their agencies’ IT procurement processes, according to the draft. Those programs would include ways to measure performance in real time and a process through which the CIO could stop the funding of an IT investment if it is at risk of failure.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Reader comments

Wed, Apr 29, 2009 M.H. DC

There is much in the current (and new I'm sure) FISMA guidelines that a CIO typically does not have control over, such as physical security, personnel security, environmental protections, etc. I'd like to see the administration provide guidance to those responsible for non-IT controls and mandate their compliance to FISMA standards. That will free up CIOs' time in trying to persuade them of their responsibilities in IT security compliance.
