Information Security News mailing list archives
New opportunities for NIST
From: InfoSec News <isn () c4i org>
Date: Tue, 3 Dec 2002 03:36:56 -0600 (CST)
http://www.fcw.com/fcw/articles/2002/1202/news-home1-12-02-02.asp By Diane Frank Dec. 2, 2002 Both the Homeland Security Act of 2002 and the E-Government Act of 2002 include provisions that attempt to raise the profile of cybersecurity initiatives. Central to each bill is a potentially larger role for the National Institute for Standards and Technology. NIST has developed security guidance for years, but agencies are not required to follow it because the secretary of the Commerce Department has rarely used the authority granted in the Computer Security Act of 1987 to make NIST's standards and guidance mandatory. Underscoring the importance of security, the e-government bill reaffirms that authority and "a lot of us hope that the secretary will use that authority more extensively than in the past," said Franklin Reeder, chairman of the federal Computer Systems Security and Privacy Advisory Board. The bill "stresses the importance of this set of responsibilities" and could be important as NIST follows through on new requirements in both the e-gov and homeland security acts to develop and revise performance measures for agencies' security policies and programs, said Ed Roback, director of NIST's Computer Security Division. Federal security could improve if the secretary should decide to make additional NIST guidance and standards mandatory, but such a decision could also have drawbacks, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration. "But you don't get people's cooperation for the right reasons," and involuntary compliance could lead to agencies just checking off another requirement box instead of using the guidelines to improve their security management, she said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- New opportunities for NIST InfoSec News (Dec 03)
- <Possible follow-ups>
- Re: New opportunities for NIST InfoSec News (Dec 04)
- Re: New opportunities for NIST InfoSec News (Dec 05)
- Re: New opportunities for NIST InfoSec News (Dec 09)