House leader to push broad reform of info tech practices

Rep. Tom Davis, R-Va., plans to introduce legislation early next year to reauthorize and expand the 2000 Government Information Security Reform Act (GISRA).

The law, which is set to expire next October, requires chief information officers and inspectors general in government agencies to assess the vulnerability of their security programs and practices. But Davis said in a speech Tuesday that his legislation would go further by forcing agencies to utilize "best practices" in information security.

The bill also would strengthen the role of the National Institute of Standards and Technology in developing and maintaining information security standards, ensuring that agencies identify the risks associated with their systems and implement appropriate protections. And it would require the White House Office of Management and Budget to make the standards compulsory, eliminating a waiver available under the Computer Security Act.

Davis' staff has begun circulating the draft legislation among relevant committees.