
Cybersecurity checklist for federal agencies under consideration

By William New, National Journal's Technology Daily, July 15, 2002

Under a tentative agreement between members of the high-tech industry and 
key senators, federal agencies would be required to use a checklist for 
cybersecurity risk developed by the National Institute of Standards and 
Technology (NIST).

The agreement represents a compromise on language in a bill, S. 2182, 
offered by Sen. Ron Wyden, D-Ore., to increase cybersecurity research, 
coordinate research efforts of government, academia and industry, and 
educate more cybersecurity researchers in the future. S. 2182 would 
provide $978 million in grant funds to create research programs at NIST and 
the National Science Foundation.

The Wyden bill is the Senate version of the House-passed H.R. 3394, 
introduced by House Science Committee Chairman Sherwood Boehlert, R-N.Y. 
The Senate version would have to be reconciled with Boehlert's version. 
Senators are hopeful they can get agreement without having to go to formal 
conference with the House on the bill, one staffer said.

The language in question is based on a bill, S. 1900, offered by Sen. John 
Edwards, D-N.C., that would have required agencies to adopt benchmark 
security standards developed by NIST. But several members of the tech 
industry, particularly the Business Software Alliance and the Information 
Technology Association of America, expressed concern that the standards 
would be overly restrictive. Both trade associations have signed off on the 
new version, sources said.

The modified language specifically states that NIST would develop a 
checklist instead of establishing benchmark standards. But this approach 
still will help ensure federal agencies improve cybersecurity practices, an 
aide to Edwards said Monday.

"It gets everyone up to speed by forcing them to look at this checklist," 
the Edwards aide said. "A lot of agencies lack the resources to do security 
checks themselves. This means NIST will do it for them."

But while agencies would have to use the checklist, the adoption of best 
practices included in the bill would not be mandatory, the aide noted. 
However, if agencies choose not to follow the NIST best practices, they 
would have to explain their alternative. Reporting on cybersecurity efforts 
is a requirement under the Government Information Security Reform Act 
(GISRA), which is up for renewal this year.

The Wyden-Edwards substitute amendment contains another provision different 
from the House version, drawing from another Edwards bill, S. 1901. The 
provision sets up a scholarship program to increase the number of faculty 
teaching cybersecurity courses at the university level, and provides 
funding to universities to establish online 
