Standards, Regulations & Compliance
5 Things You Didn't Know About Cybersecurity BillLicensing IT Security Pros Among Provisions
But portions of the bill that aren't as provocative failed to gain much attention, yet they would have a greater impact on the everyday working lives of government employees charged with providing IT security and to the citizens and businesses they serve to protect. Here are five of lesser-known provisions of the legislation:
- Licensing Cybersecurity Pros: Three years after Congress enacts the legislation, anyone providing cybersecurity services to the federal government or elements of the nation's critical IT infrastructure designated by the president must be licensed under a program developed under the direction of the Commerce secretary.
- Cybersecurity Dashboard: The Commerce Department, working with the Office of Management and Budget, will develop a plan to create a system to provide dynamic, comprehensive, real-time cybersecurity status and vulnerability information for all federal IT systems and networks managed by the Commerce Department. If such a dashboard is created, it likely would be adopted by other government agencies.
- New Metrics:Within one year of enactment, the National Institute of Standards and Technology will establish measurable and auditable cybersecurity standards for all federal agencies, contractors and designated critical infrastructure systems and networks.
- National Cybersecurity Awareness Campaign: The Commerce Secretary will implement a national cybersecurity awareness campaign designed to heighten pubic awareness of cybersecurity concerns that communicates the government's role in securing the Internet and protecting the privacy and civil liberties with respect to Internet activities.
- Cybersecurity Risk Management Report: The president will report to Congress within a year of the bill's enactment the feasibility of creating a market for cybersecurity risk management, including the creation of a system of civil liability and insurance including government reinsurance and requiring cybersecurity to be a factor in all bond ratings.