office of management and budget

Data security bill gains traction

Thu, 21 Feb 2008 06:59:59 -0500

Congress is currently grappling with legislation to fight cybercrime and to improve government information security compliance. The measure is likely to have an impact on the private sector, too. The proposal would update the Federal Information Security Management Act, which sets up requirements for securing personal or sensitive data.

The bill includes a broader definition of "personally identifiable information" and strengthens reporting and auditing requirements. It also calls for privacy impact assessments for agency purchases of lists containing potentially sensitive information from commercial data brokers.

The legislation is controversial, and faces some serious opposition. Karen Evans, administrator of eGovernment at the Office of Management and Budget, told a Congressional committee in written testimony that the bill could "seriously impact established agency security and privacy practices while not necessarily achieving the outcomes of improved privacy or security."

Cyber Security Industry Alliance President Tim Bennett said that OMB guidance has been "uneven" and too focused on compliance with memorandum and circulars. A similar bill already passed by the Senate would give federal prosecutors tools to fight identity theft and cybercrime. "The bad guys are moving quicker and getting more sophisticated every day and we don't have time to lose," Bennett said.

For more on this security bill:
- See this GovernmentExecutive article

Software as a service gets White House nod

Tue, 22 Jan 2008 06:59:59 -0500

The White House became the latest supporter of software as a service (SaaS) to make the electronic world hum instead of clang. Karen Evans, administrator of the Office of Management and Budget's Office of Electronic Government and Information Technology, said the U.S. government needs to move to a more service-oriented software model. "Our track record is clear--we are not very good at delivering our own software in the time frame set," Evans said at an SaaS/Gov conference in Washington, D.C. Some federal agencies haven't embraced the idea because they want control of software development, she said. But government agencies cannot afford to keep developing their own software without sharing with other agencies.

Software as a service has been hailed as a way for agencies to deal with budget cutbacks and to get a bigger bang for their buck. But whether software as a service is a real trend or a short-term fad is up in the air. We'd be interested in knowing what you think about this--let us know in the comments.

For more on software as a service:
- Check out this PC World article

Congress passes Patent Reform Act

Mon, 10 Sep 2007 06:59:59 -0400

In an effort to balance the need to protect small inventors with encouragement for large players to innovate, the U.S. House of Representatives on Friday passed the Patent Reform Act. The bill aims to overhaul the patent system, but many consider it a big win for large technology companies like Microsoft and IBM because it allows courts to assess damages in patent infringement cases differently. Currently, courts consider the value of the entire product when a small piece of the product infringes a patent. The new bill allows courts to base damages only on the value of the infringing piece. Large organizations like the direction of the new patent law because it will make it more difficult to be sued unless the entire concept of a new idea is infringed upon. Those who oppose the reform initiative say it will leave small players vulnerable. Among those raising an eyebrow is the White House Office of Management and Budget (OMB). OMB issued a statement on Thursday saying it opposes the bill, citing concerns that the changes in assessment of damages would "introduce new complications and risks reducing incentives to innovate."

For more on the Patent Reform Act:
- read the article in Infoworld

IPv6: How much will it cost?

Tue, 04 Sep 2007 06:59:58 -0400

The U.S. Office of Management and Budget is hanging tough with its mandate to start rolling out IPv6 across the entire federal government by 2008. The estimated cost for the U.S. government's transition to IPv6 is pegged at approximately $25 billion over 25 years. Last week, defense contractor Lockheed Martin announced that it would roll out IPv6 on and between ten locations of its Global Vision Network, spanning from California to the United Kingdom. The new protocol is expected to be up and running by next month. It turns out that many early adopters are finding the transition to IPv6 to be relatively simple because the new protocol is already supported by all current operating systems and the majority of current routers. As a result, the basic upgrade is relatively painless and cheap for almost everyone except the operators of fast networks that use slightly older routers, according to an article in Ars Technica. Still, there are some challenging areas that need to be overcome, including tough issues with certain firewalls and load balancers.

For all the details on IPv6:
- read the article in Ars Technica

Fed deadline to protect data comes and goes

Thu, 10 Aug 2006 20:01:35 -0400

Given the laptop thefts and other security incidents hitting the news on the federal government level, it's safe to say that a mandate for good security checklists and proper remote data protection hasn't been deployed too well. The Office of Management and Budget had declared agencies, by this past August 7th, develop a security checklist, work on encrypting mobile data, provide remote access through two-factor authentications and verification on database extraction activity.

For more insight on the federal security mandate status:
- read more at InformationWeek

Federal agencies get new data security mandate

Thu, 13 Jul 2006 20:01:38 -0400

In the strongest directive yet at getting a grip on data security, the Office of Management and Budget (OMB) has stipulated that all federal agencies report a data breach or data security incident related to personal identification information within one hour of the event. Up until now, agencies knew they had to report such incidents, but various time frames were stipulated by the Federal Information Security Management Act of 2002. Even if the breach or theft isn't yet confirmed, the agencies must notify the OMB. Skeptics still think that agencies will not be reporting everything.

For more on the new federal data security mandate:
- check out this article at Government Computer News

PLUS: In the private sector, data theft is a big financial headache. Article

SPOTLIGHT: Fed IT spend to dip slightly before increasing

Tue, 28 Mar 2006 19:01:33 -0500

While homeland security is pulling in new technology and spending money, most federal IT organizations are keeping spend down or at par with last year's budgets. In fact, federal tech spend may actually dip in the next two years before burgeoning up around 2011. The main reason for the initial pull back is that agencies are focused on meeting performance and measurement guidelines set by the Office of Management and Budget. Article