Evans stresses security standards

Information Systems Security RFI

A greater emphasis on uniform security practices might be necessary to strengthen federal information systems' security, an Office of Management and Budget official testified at a recent congressional hearing.

Karen Evans, OMB's administrator for e-government and information technology, told members of the House Government Reform Committee last week that a new cybersecurity line-of-business initiative could become a basis for the next wave of security improvements.

Evans said the interagency effort might improve information systems security by creating, for example, uniform reporting standards for inspectors general, who are responsible for submitting annual security reports to Congress and OMB.

Other administration officials say the initiative could save taxpayers’ money by reducing the amount of duplicated efforts that agencies expend on information security and consolidating federal requirements to get greater volume discounts on information security products and services.

By law, agencies must improve information security to comply with the Federal Information Security Management Act of 2002, which OMB administers.

As part of the cybersecurity line-of-business initiative, OMB officials have appointed an interagency task force to investigate ways to improve FISMA compliance. One of the group's first actions was to issue a request for information from industry.

The RFI, published April 4, asks Fortune 500 companies and other large entities if they would be willing to share their best information systems security policies, procedures and practices with federal officials. Task force members will review the responses, which are due May 5, and make recommendations to OMB by Sept. 1.

Chris Campbell, senior analyst for federal market analysis at Input, said vendors benefit when they answer such RFIs, even though no contracts are likely to result in the short run.

Campbell said vendors might expect to see OMB and other lead agencies "getting all these ideas from industry, putting out guidelines and certifying vendors to provide different parts of a security system, and then saying this is the type of security system you should be working toward, and these are the vendors who can help you get there."

An industry day is scheduled for April 18 in Washington, D.C., in which federal officials will present information about the RFI and governmentwide cybersecurity initiatives. Contact itslob.gsa.gov.