Panel votes to tighten federal website security

A bill to tighten controls on the way federal websites capture user information won approval from the House Oversight and Government Reform Committee on March 13.

The measure would require any federal website that collects personally identifiable information from users -- including name, date of birth, Social Security number, or financial information -- must be certified as safe and secure by the agency CIO before going live.

Agency and contractor personnel with access to personal information would have to sign a non-disclosure agreement specifically covering personal data. Additionally, government agencies would be required to take "reasonable efforts" to secure multiple domain registrations to avoid confusing site visitors. For example, the bill envisions a site such as HealthCare.gov also being available at HealthCare.com and HealthCare.org.

"When entering their personal information on a federal website, Americans should have the peace of mind that it will remain private, safe, and secure from hackers," said the bill's sponsor, Michigan Republican Rep. Kerry Bentivolio.

The bill also includes an amendment from Rep. Gerry Connolly (D-Va.) that would require agencies to notify individuals whose information may have been disclosed in a security breach within 72 hours of the incident, and to report breaches to a federal cybersecurity center.

The committee also approved a bill to end the requirement that the Government Printing Office physically print the Federal Register, while easing constraints on how agencies submit notices to the GPO for inclusion in the Federal Register.