Committee on Oversight and Government Reform

Thursday, February 14, 2008
Federal Government Operations

Federal Information Security: Joint Hearing on HR 4791

On Thursday, February 14, 2008 at 11:30 a.m., in 2154 Rayburn, the Government Management and Information Policy Subcommittees held a joint legislative hearing on H.R. 4791.

H.R. 4791 updates the Federal Information Security Management Act to establish new agency requirements for securing personal or sensitive data.

The bill fixes weaknesses identified by recent Oversight Committee investigations into federal data breaches.

H.R. 4791 includes:

• a comprehensive definition of personally identifiable information (PII) that would encompass a broader category of sensitive information about an individual and provide greater clarity for agencies to determine what types of information are sensitive in nature;

• requirements for the development of OMB policies and procedures in order to: (1) secure PII that is stored on mobile digital devices or media; (2) establish protocols and risk categories for agencies to adhere to in the event of a data breach; and (3) develop effective system configuration requirements for agency systems government-wide;

• agency requirements for compliance with OMB-established policies and procedures, including strengthened reporting requirements, evaluation activities, and remediation plans where necessary;

• requirements for the development of agency plans to reduce the risks against federal networks posed by "peer-to-peer" file-sharing software;

• requirements for an annual independent audit of agency information security programs in conformance with generally accepted government auditing standards; and

• requirements for conducting privacy impact assessments (PIAs) for agency purchases of information containing PII from commercial data brokers, as well as new restrictions on certain contracts with commercial data brokers not having effective information security or privacy programs.

The following witnesses testified:

The Honorable Karen S. Evans, Administrator, E-Government and Information Technology, Office of Management and Budget

Mr. Gregory C. Wilshusen, Director, Information Security Issues, Government Accountability Office

Mr. Alan Paller, Director of Research, SANS Institute

Mr. Bruce McConnell, President, McConnell International, LLC

Mr. Tim Bennett, President, Cyber Security Industry Alliance