VA NEWS FLASH from Larry Scott at VA Watchdog dot Org -- 06-24-2006 #7       

Want more information on this and other veterans' topics?
 Try the VA Watchdog dot Org Search Engine.

VA ATTORNEY INTERPRETED CIO OUT OF ENFORCEMENT --

"The CIO wanted authority that was not there in statute."

 

 

Story here... http://www.gcn.com/online/vol1_no1/41164-1.html

Story below:

---------------

VA attorney interpreted CIO out of enforcement

By Mary Mosquera, GCN Staff



The Veterans Affairs Department’s top attorney defended his legal opinion that federal security law does not require that the department CIO have authority over enforcement of IT security.

VA secretary Jim Nicholson has ultimate responsibility for ensuring compliance with federal security provisions and may delegate that authority to the department CIO, but it is not required or automatic, VA general counsel Tim McClain told House lawmakers yesterday.

“The CIO wanted authority that was not there in statute. The legal opinion was the interpretation of what the law provides,” McClain told the House Veterans Affairs Committee, which was questioning who has responsibility and authority over enforcement of VA IT security policies and procedures.

It was one of several hearings that committee chairman Steve Buyer (R-Ind.) has conducted in response to the recent theft of sensitive data from a VA employee’s home.

The Federal Information Security Management Act requires the VA secretary to delegate to the CIO “sufficient authority” to ensure compliance but does not direct the means for how the CIO ensures compliance, McClain said.

“That does not necessarily require delegation to the CIO of direct control over agency programs because such control is not the only means by which the information security objectives may be accomplished,” he said.

Buyer said that FISMA should be updated to give department CIOs the line of authority to enforce security policies and procedures.

“It’s not to be subject to interpretation. It’s incongruent to say that one has responsibility but no authority,” Buyer said.

VA has since adopted a federated model of centralizing the IT structure. The department CIO has authority over IT operations and maintenance and the IT employees associated with that. VA’s benefits, health and burial administrations will retain authority over IT development and those employees. Consequently, IT security enforcement will remain somewhat decentralized. The House last year passed legislation that would centralize all IT authority under the department CIO.

---------------


Larry Scott

 

(go back to VA Watchdog dot Org Home Page)

Google
 
Web www.vawatchdog.org


FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such materials available in an effort to advance understanding of veterans' issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed an interest in receiving the included information for educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
 

Send this page to a friend:    


Now we have VA Watchdog Stuff

Cups, Hats, Shirts and more

Click here to order and support the site


Here's the link to subscribe to VA NEWS FLASH as an RSS feed
 

Comments on this VA NEWS FLASH?  Email Larry
key available on request

 

  

YOUR AD HERE  - Advertise on VA Watchdog dot Org and reach veterans worldwide - click