Bill targets government's tech security

Summary:A new bill would extend a law that requires government agencies to regularly test their technological security. The Federal Information Security Management Act, introduced by Rep. Tom Davis, R-Va., would extend the Government Information Security Reform Act of 2000, which is set to expire in November. That law required government agencies to make annual security assessments and tests of nonclassified information systems. The law requires agencies to grade themselves; most have done poorly so far. According to Davis, 16 of the 24 agencies evaluated in 2001 received a failing grade, and only one agency got better than a C+. The new bill would also attempt to beef up network security. The bill, HR 3844, would require federal agencies to adopt minimum security standards established by the National Institute of Standards and Technology. Under the Computer Security Act of 1987, agencies could get a waiver from adhering to the standards. --Margaret Kane, Special to ZDNet News

A new bill would extend a law that requires government agencies to regularly test their technological security.

The Federal Information Security Management Act, introduced by Rep. Tom Davis, R-Va., would extend the Government Information Security Reform Act of 2000, which is set to expire in November. That law required government agencies to make annual security assessments and tests of nonclassified information systems.

The law requires agencies to grade themselves; most have done poorly so far. According to Davis, 16 of the 24 agencies evaluated in 2001 received a failing grade, and only one agency got better than a C+.

The new bill would also attempt to beef up network security. The bill, HR 3844, would require federal agencies to adopt minimum security standards established by the National Institute of Standards and Technology. Under the Computer Security Act of 1987, agencies could get a waiver from adhering to the standards. --Margaret Kane, Special to ZDNet News

Topics: Legal, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.