Washington, DC ? The Senate Governmental Affairs Committee today unanimously approved S. 1993, the Government Information Security Act. Introduced by Chairman Fred Thompson (R-TN) and Ranking Member Joseph Lieberman (D-CT), the legislation provides a comprehensive framework for agencies to make their systems more secure while providing continuous, uninterrupted services to the public.
Since Senator Thompson became chairman of the Committee in 1997, the Committee has heard from security experts, senior government officials and the General Accounting Office about the persistent security risks associated with the government?s information holdings. In response to these findings, Senators Thompson and Lieberman introduced the Government Information Security Act on November 19, 1999.
The Thompson/Lieberman substitute amendment to S. 1993 offered and approved by the Committee today reflects comments from the Committee?s March 2, 2000 hearing and from working with the Office of Management and Budget, agency Inspectors General, the Department of Defense and others in the intelligence community and industry. Also approved by the Committee was an amendment offered by Senator Daniel Akaka (D-HI) to require agencies to include information on the resources (budget, staffing, and training) necessary to implement their information security programs in their annual performance plans required under the Government Performance and Results Act (GPRA). The bill will be considered by the full Senate in the near future.
Highlights of S. 1993:
Establishes federal agency accountability for information security as needed to cost-effectively protect the assets and operations of the agency by creating a set of management requirements derived from GAO “Best Practices” audit work
Requires agencies to have an annual independent evaluation of their information security programs and practices to assess compliance with authorized requirements and to test effectiveness of information security control techniques
Provides protections and oversight for national security systems and other classified information systems responsibility to be vested in the Secretary of Defense and the Director of Central Intelligence
Includes initiatives promoting increased flexibility and incentives for agency managers to attract the best and brightest information technology talent through the use of scholarships, fellowships and Federal service agreements
Focuses on the importance of training programs and governmentwide incident response handling.