Monday, July 9, 2007

Congressional Action

I am not a fan of Norm Coleman, who happens to be a Republican senator from Minnesota. Norm has decided that he wants to amend FISMA. The bill is called the "Federal Agency Data Breach Protection Act" and, like most legislation, it has no teeth. It leaves the implementation to OMB and sets no timeline for public notification of a breach. It is identical to H.R. 2124, which is not unusual, since the same text needs to be passed in both the House and Senate.

So if you are reading this and thinking to yourself, "Oh deary me, now I have to change everything", fret not. First, these bills must become law. Then OMB needs to decide how they are going to implement it. Lastly, you are probably doing all of what it is asking already. The only thing that agencies will really have to worry about is making sure that inventories are controlled and that government equipment is returned when employees or contractors are terminated.

Further, this has been tried before and didn't make it. If you are an outsourced system, you should know that you will be subject to law.


rybolov said...

Hi Chris

I don't think a breach law aimed at the agencies will do anything above and beyond what already exists--i.e., OMB Memo 06-19. So my big question is, "What's the value added?"

I'm not so sure what you mean by the last paragraph--it's a non sequitur.


Chris said...

I think you are right. I should have been more clear in my sarcasm.

As far as the last paragraph, I was referring to the last two attempts at making a Data Breach law. The last sentence I aimed at a few contractors that I have run up against.

rybolov said...

So what do you mean with "a few contractors I have run up against"? That's such a tease of a comment. =)

Just curious because I deal with boundaries between government systems and contractor systems all day long, being the security manager for a managed service provider. There are some parts of my operations that you simply can't own for various reasons.

I talk about this stuff all the time on my blog, check it out. =)

Chris said...

I will do a full post on boundary issues. It is far too much for a comment.

But I will read your web log.