CSIA Hands Out Federal Progress Report for 2006, 2007  

FISMA News


(Jan 31, 2007)--The Cyber Security Industry Alliance (CSIA) called upon the federal government to significantly bolster its efforts to ensure the security of sensitive information, improve the security and resiliency of the critical information infrastructure and increase federal information assurance in 2007. CSIA's latest annual report, the 2007 Agenda for U.S. Government Action, identifies specific actions for Congress and the Administration to focus on improving information security for citizens, industry and governments globally. As part of the Agenda, CSIA also issued its Federal Progress Report for 2006 on the government's limited advancements in these same areas.

"While the government has taken some positive steps forward to improve the state of information security, action has been decidedly mixed," said Liz Gasster, acting executive director and general counsel of CSIA. "CSIA commends the government for moving forward on several key initiatives including the Senate's ratification of the Council of Europe's Convention on Cyber Crime and the appointment of an Assistant Secretary for Cyber Security and Telecommunications. However, we are discouraged by Congress' inability to pass a comprehensive federal law to protect sensitive personal information, even in the face of more than 100 million Americans having their data records exposed. In 2007, CSIA will work even harder to urge swift action from Congress to pass this much-needed legislation."

Review of the State of Information Security in the U.S. in 2006

A year ago, CSIA called on the Administration and Congress to enhance the nation's information security and reliability for consumers, industry and the government by acting on 13 critical recommendations to protect the nation against cyber threats. CSIA issued a Federal Progress Report to grade the government on its follow-through on those 2006 recommendations. Security of Sensitive Information, Security & Resiliency of Critical Information Infrastructure, and Federal Information Assurance received a grade of D for not meeting expectations.

A Government Call to Action for 2007

In its 2007 Agenda for U.S. Government Action, CSIA has the following recommendations to help improve the privacy, reliability and integrity of information.

Security of Sensitive Information: Pass a comprehensive federal law to secure sensitive personal information and notify consumers in case of a breach. This data security legislation should apply equally to all government and private sector entities that collect, maintain or sell significant numbers of records containing sensitive personal information, and require organizations to establish reasonable security measures to ensure the confidentiality and integrity of sensitive personal information, in order to minimize the likelihood of a breach.

Security & Resiliency of Critical Information Infrastructure: DHS should quickly establish cyber security and telecommunications priorities that address situational awareness, emergency communications, and recovery and reconstitution, and ensure that appropriate funding is in place to support these programs. In the event of a major information infrastructure attack or disruption, an integrated, dedicated system should be implemented that can monitor the entire information infrastructure.

Federal Information Assurance: Congress and the Administration should work together to strengthen the Federal Information Security Management Act (FISMA). To effectively establish and maintain a comprehensive information security program, the power of federal CIOs should be strengthened so that they can better enforce authority concerning budgets and personnel resources. Federal agencies should increase their assessments and testing of information security controls, and acquisition regulations should be revised to ensure that all federal contractors comply with FISMA requirements. In addition, all agencies should establish a common requirement to notify citizens in case of a breach of sensitive personal information.



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.