http://www.washtech.com/news/govtit/15495-1.html

By Brian Krebs, Newsbytes.com
Tuesday, March 5, 2002; 6:15 PM

Rep. Tom Davis, R-Va., introduced legislation today to extend the life of a law that has shown just how vulnerable government agency networks are to hacker attacks.

Davis' bill would permanently reauthorize the Government Information Security Reform Act (GISRA) of 2000, a statute that requires agencies to conduct annual security assessments and penetration tests on their non-classified information systems.

President Clinton signed the measure into law in October 2000 as part of the Defense Department appropriations package for 2001. As such, the law would expire on Nov. 29, 2002.

"We cannot afford to delay enactment of this legislation," said Davis, who chairs the House Government Reform Subcommittee on Technology and Procurement Policy. "At a time when uncertainty threatens confidence in our nation's preparedness, the federal government must make information security a priority."

Under GISRA, agencies are graded on the results of penetration testing and overall security. In last year's round of penetration tests, nearly all federal agencies earned a grade of "D" or lower for computer security.

The new bill would add teeth to the security tests by forcing federal agencies to adopt minimum computer security standards as established by the National Institute of Standards and Technology (NIST).

More specifically, the legislation would no longer allow agencies to seek waivers of the NIST standards, as permitted under the Computer Security Act of 1987. Rather, the bill would require the Office of Management and Budget to make those minimum standards compulsory and binding.

The OMB has said it plans to begin tying each agency's computer security report card to its annual budget request by cutting funds for IT projects that continually fail to meet minimum security standards.

Davis introduced his bill in advance of a hearing on the lessons learned from GISRA, scheduled for Wednesday in the House Government Reform Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations. The chair of that subcommittee, Rep. Stephen Horn, R-Calif., is the lead co-sponsor of Davis' bill.