THOMPSON/LIEBERMAN BILL ENFORCING MANAGEMENT, ACCOUNTABILITY TO BETTER
PROTECT GOVERNMENT COMPUTER SYSTEMS IS UNANIMOUSLY APPROVED
Washington, DC – The Senate Governmental Affairs Committee today unanimously
approved S. 1993, the Government Information Security Act. Introduced
by Chairman Fred Thompson (R-TN) and Ranking Member Joseph Lieberman
(D-CT), the legislation provides a comprehensive framework for
agencies to make their systems more secure while providing continuous,
uninterrupted services to the public.
Since Senator Thompson became chairman of the Committee in 1997, the
Committee has heard from security experts, senior government officials
and the General Accounting Office about the persistent security risks
associated with the government’s information holdings. In response
to these findings, Senators Thompson and Lieberman introduced the
Government Information Security Act on November 19, 1999.
The Thompson/Lieberman substitute amendment to S. 1993 offered and
approved by the Committee today reflects comments from the Committee’s
March 2, 2000 hearing and from working with the Office of Management
and Budget, agency Inspectors General, the Department of Defense and
others in the intelligence community and industry. Also approved by
the Committee was an amendment offered by Senator Daniel Akaka (D-HI)
to require agencies to include information on the resources (budget,
staffing, and training) necessary to implement their information
security programs in their annual performance plans required under the
Government Performance and Results Act (GPRA). The bill will be
considered by the full Senate in the near future.
Highlights of S. 1993:
- Establishes federal agency accountability for information security as
  needed to cost-effectively protect the assets and operations of the
  agency by creating a set of management requirements derived from GAO
  "Best Practices" audit work
- Requires agencies to have an annual independent evaluation of their
  information security programs and practices to assess compliance with
  authorized requirements and to test effectiveness of information
  security control techniques
- Provides protections and oversight for national security systems and
  other classified information systems, with responsibility to be vested
  in the Secretary of Defense and the Director of Central Intelligence
- Includes initiatives promoting increased flexibility and incentives for
  agency managers to attract the best and brightest information
  technology talent through the use of scholarships, fellowships and
  Federal service agreements
- Focuses on the importance of training programs and governmentwide
  incident response handling.