Sen. John Edwards (D-N.C.) is pushing legislation to direct the National Institute of Standards and Technology (NIST) to set higher standards for federal IT security. The Cyber Security Leadership Act (S. 187) would require NIST to set the standards after federal agencies performed analyses of their networks and systems.
Edwards said in a floor statement that he hoped the bill would serve as a model for the business community.
“These procedures will strengthen our government’s resistance to cyberattacks and will demonstrate to the business community the tremendous value in conducting comprehensive security tests and monitoring new developments,” Edwards said.
While federal agencies have been required since 2000 to perform analyses of their systems, Edwards said the agencies’ continued low marks in an annual survey by the General Accounting Office prompted him to push for higher standards. The senator said the federal government was setting a poor example for the public sector.
The Cyber Security Leadership Act, which has been referred to the Senate Governmental Affairs Committee, seeks to have federal CIOs identify vulnerabilities in their systems, set performance standards to eliminate the vulnerabilities and evaluate IT security on a quarterly basis.
Introduced on Jan. 16, the bill is not yet available online.