Carper introduces bills to reform IT procurement, FISMA

A Senate subcommittee chairman introduced legislation on Tuesday that would alter how agencies ensure the security of their information technology systems and create a new office in the White House with the power to oversee federal IT security. The legislation would also reform the IT acquisition process through increased accountability and transparency.

Sen. Thomas Carper (D-Del.), chairman of the Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services, and International Security Subcommittee, introduced the legislation as two separate bills.

One of the measures focuses on information security and is designed to improve the Federal Information Security Management Act (FISMA) to deal with complaints that the law doesn’t do enough to ensure federal IT security. Meanwhile, a separate bill would increase oversight of IT investments and reduce cost overruns.

The information security-focused bill would establish a new National Office for Cyberspace to be part of the Executive Office of the President. That office would coordinate efforts to secure the country’s information infrastructure and establish a comprehensive national cyberspace strategy, according to a draft of the bill. That office would also oversee policies, principles, standards, and guidelines on information security.

The director of the new cyberspace office would oversee governmentwide operational evaluations on a frequent and recurring basis to make sure that agencies monitor, detect, analyze, protect and report known vulnerabilities and attacks. The director would also have to submit a series of reports to Congress.

In addition, the Commerce Department would establish standards and guidelines for government information systems that mirror, as much as possible, standards used for national security systems to enhance information security and information sharing, the draft said.

The legislation would also give chief information security officers the authority to ensure that agencies can -- on an automated and continuous basis -- detect, report and mitigate cyber incidents. Each agency would also have to put in place its own information security program that has been approved by the director of the new White House office, according to the draft. Agencies would also be responsible for annual reports and evaluations.

Meanwhile, the bill focused on IT procurement would establish a Web site that would include information on the cost, schedule, and performance of all major government IT investments. The site would also include trend information on IT projects and information on investments that have exceeded their costs, schedules, or performance by more than ten percent of original plans.

If an IT project is determined to have a cost, schedule, or performance variance overrun of at least 40 percent from original projections, the agency would be required to develop a “remedial action plan” to fix the problem. Failure to fix the problem by the required deadline would mean “additional funds may not be obligated to support expenditures associated with the project” until the requirements have been fulfilled, the draft said.

In addition, the IT acquisition measure would require chief information officers to create a program to improve their agencies’ IT procurement processes, according to the draft. Those programs would include ways to measure performance in real time and a process through which the CIO could stop the funding of an IT investment if it is at risk of failure.


About the Author

Ben Bain is a reporter for Federal Computer Week.
