Security bill evolving

Rep. Janice Schakowsky (D-Ill.) intends to offer an amendment to a bill that is designed to boost congressional oversight of information security.

"There does seem to be one significant hole in this legislation," Schakowsky said, referring to the Federal Information Security Management Act (FISMA).

"As we learned in confronting the [Year 2000] problem, we can't be sure all of the systems are fixed until we know where they all are," said Schakowsky, ranking member of the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, in a statement May 2.

Very few agencies have kept the Year 2000 systems inventory current, she said.

The amendment would require agencies to maintain an up-to-date inventory of their systems and develop a plan to test all systems during a five-year period.

FISMA would update and extend the Government Information Security Reform Act of 2000, which expires Nov. 29. GISRA combined many federal security policies into one law and mandated an annual assessment to track compliance.

"Continued authorization of federal information security legislation is essential to sustain agencies' efforts to implement good security practices and to identify and correct significant weaknesses," said Robert Dacey, director of information security issues at the General Accounting Office.

Under GISRA, agencies provide security reports to the Office of Management and Budget, which then briefs Congress.

"I am not satisfied with our federal government's overall performance in securing our information infrastructure," said Rep. Tom Davis (R-Va.), who introduced FISMA March 6. "The bottom line is that we are still too vulnerable."
