
[infowar.de] US government IT security law to be made permanent



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

The "Government Information Security Reform Act (GISRA) of 2000", which
took effect in October 2000 and would expire on 29 November 2002, is to
be extended indefinitely. In addition, some provisions, including those
of the "Computer Security Act of 1987", are to be tightened.
RB

http://www.washtech.com/news/govtit/15495-1.html

Lawmaker: Extend Law For Federal Computer Security Tests

By Brian Krebs,
Newsbytes.com
Tuesday, March 5, 2002; 6:15 PM

Rep. Tom Davis, R-Va., introduced legislation today to extend the life
of a law that has shown just how vulnerable government agency networks
are to hacker attacks.

Davis' bill would permanently reauthorize the Government Information
Security Reform Act (GISRA) of 2000, a statute that requires agencies
to conduct annual security assessments and penetration tests on their
non-classified information systems.

President Clinton signed the measure into law in October 2000 as part
of the Defense Department appropriations package for 2001. As such,
the law would expire on Nov. 29, 2002.

"We cannot afford to delay enactment of this legislation," said Davis,
who chairs the House Government Reform Subcommittee on Technology and
Procurement Policy. "At a time when uncertainty threatens confidence
in our nation's preparedness, the federal government must make
information security a priority."

Under GISRA, agencies are graded on the results of penetration testing
and overall security. In last year's round of penetration tests,
nearly all federal agencies earned a grade of "D" or lower for
computer security.

The new bill would add teeth to the security tests by forcing federal
agencies to adopt minimum computer security standards as established
by the National Institute of Standards and Technology (NIST).

More specifically, the legislation would no longer allow agencies to
seek waivers of the NIST standards, as permitted under the Computer
Security Act of 1987. Rather, the bill would require the Office of
Management and Budget to make those minimum standards compulsory and
binding.

The OMB has said it plans to begin tying each agency's computer
security report card to its annual budget request by cutting funds for
IT projects that continually fail to meet minimum security standards.

Davis introduced his bill in advance of a hearing on the lessons
learned from GISRA, scheduled for Wednesday in the House Government
Reform Subcommittee on Government Efficiency, Financial Management,
and Intergovernmental Relations. The chair of that subcommittee, Rep.  
Stephen Horn, R-Calif., is the lead co-sponsor of Davis' bill.



ISN is currently hosted by Attrition.org
