Bill Fosters Gov-Wide Infosec CollaborationTop Agency CISOs Would Join Federal Information Security Taskforce
The Senate-confirmed director of a newly created National Center for Cybersecurity and Communications (N3C), would chair the taskforce, with its membership consisting of chief information security officers from large departments and agencies as well as other security-related government officials.
Among the goals of the taskforce, according to the legislation:
- Assist in the development of and annually assess guidance used to evaluate and audit federal IT systems;
- Share experiences and innovative approaches relating to threats against the federal information infrastructure, information sharing and information security best practices, penetration testing regimes and incident response, mitigation and remediation;
- Promote the development and use of standard performance indicators and measures for agency information security that are outcome-based, focus on risk management, align with agency business and program goals, measure improvements in the agency security posture over time and reduce burdensome and efficient performance indicators and measures;
- Recommend to the Office of Personnel Management the necessary qualifications to be established for chief information security officers, including education, training and experience;
- Enhance information system processes by establishing a prioritized baseline of information security measures and controls that can be continuously monitored through automated mechanisms; and
- Evaluate the effectiveness and efficiency of any reporting and compliance requirements that are required by law related to the information security of federal information infrastructure.
Besides the N3C director and CISOs, who would serve on the taskforce? The federal CIO as well as representatives from the White House Office of Cyberspace Policy that the bill also establishes, Office of the Director of National Intelligence, military cyber command, National Security Agency, United States Computer Emergency Readiness Team, Intelligence Community Incident Response Center, Committee on National Security Systems, National Institute of Standards and Technology, Council of Inspectors General on Integrity and Efficiency and state and local government as well as any officer or employ of the government designed by the taskforce chair.
The N3C director would serve as its chair, with the vice chair selected from the ranks of its members.