H.R. 5983 would amend the Homeland Security Act of 2002 to enhance the information security of the Department of Homeland Security.
Detailed Summary
Homeland Security Network Defense and Accountability Act of 2008 - Amends the Homeland Security Act of 2002 to direct the Secretary of the Department of Homeland Security (DHS) to delegate to the Department's Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of DHS policies, procedures, activities, funding, and systems relating to information management and information infrastructure.
Lists CIO qualifications (including at least five years of executive leadership and management experience in information technology and information security) and functions (including establishing an incident response team).
Directs the CIO to establish, oversee the deployment of, and regularly update security control testing protocols that ensure that DHS's information infrastructure is effectively protected against known attacks and exploitations of federal and contractor information infrastructure.
Requires the Inspector General to conduct performance and programmatic reviews of DHS's information infrastructure to determine the effectiveness of its security policies and controls.
Requires the Secretary, before entering into or renewing a covered contract and acting through the CIO, to determine that the contractor has an internal information systems security policy that complies with DHS information security requirements. Delineates contract requirements regarding security (including requiring the contractor to provide contracted services on a continuing basis to DHS in the event of an unplanned or disruptive event) and subcontracting (including requiring the contractor to develop and implement a plan for the award of subcontracts to small business and disadvantaged business concerns).
Status of the Legislation
Latest Major Action: 6/26/2008: House committee/subcommittee actions. Status: Ordered to be Reported (Amended) by Voice Vote.
Visitor Comments
Glenn Charles
I must be ignorant. How precisely do you make other people not attack you too much so your security works?
--oregonnerd
Ralph Cohen
Seems like a reasonable bill to me. It defines the minimum professional requirements for the position of Chief Information Officer and also sets evaluation standards for the review of work performed by subcontractors before their contracts can be considered for renewal.