New bill extends computer security law

Summary: The bill would extend a law that requires government agencies to regularly test their technological security, an act that is set to expire in November.

A new bill would extend a law that requires government agencies to regularly test their technological security.

The Federal Information Security Management Act, introduced by Rep. Tom Davis, R-Va., would extend the Government Information Security Reform Act of 2000, which is set to expire in November. That law required government agencies to make annual security assessments and tests of nonclassified information systems.

The law requires agencies to grade themselves; most have done poorly so far. According to Davis, 16 of the 24 agencies evaluated in 2001 received a failing grade, and only one agency got better than a C+.

The new bill would also attempt to beef up network security. The bill, HR 3844, would require federal agencies to adopt minimum security standards established by the National Institute of Standards and Technology. Under the Computer Security Act of 1987, agencies could get a waiver from adhering to the standards.

"Information security cannot go the way of any other 'issue du jour,'" Davis said at a hearing before the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations on Wednesday. "It is a constant management requirement that requires eternal vigilance, and the ranking of its importance to federal operations cannot fluctuate from one administration to the next."

Topics: Legal, Security
