Putnam questions OMB oversight

Rep. Adam Putnam opened a March 16 hearing on information security by promising oversight commensurate with the threat posed by insecure computer systems in federal agencies.

Putnam, chairman of the Government Reform Committee's Technology, Information Policy, Intergovenmental Relations and the Census Subcommittee, grilled a half dozen cabinet agency officials but directed his toughest questioning at Karen Evans, administrator for electronic government and information technology in the Office of Management and Budget.

Questioning how tough OMB has been on federal agencies for having dismal security grades, the congressman asked Evans how much money OMB had actually withheld from agencies' budgets for modernizing or developing new information systems — a figure that Evans said she was unable to provide at the hearing.

Evans said that OMB hoped to move beyond status reporting this year to more mature metrics that consider the quality of agencies' security work, especially the quality of their certification and accreditation procedures.

A representative from the National Institute of Standards and Technology later testified that NIST has sufficient funds to carry out its responsibilities for providing guidelines for compliance with the Federal Information Security Management Act of 2002, for which Putnam had been awarding security grades.

However, Benjamin Wu, deputy undersecretary for technology at Commerce Department, of which NIST is a part, said budget constraints are causing NIST to scale back other critical information technology research.