The National Association of State Chief Information Officers (NASCIO) released a new issue brief: Desperately Seeking Security Frameworks -- A Roadmap for State CIOs. The brief, a product of NASCIO's Security and Privacy Committee, maintains that CIOs, chief security officers and the IT security professionals who work with them face a challenging and sometimes confusing array of security frameworks that may be pushed down by federal agencies, issued by national or international standards bodies, promoted by industry as best practice, or in some instances, be written into law or federal regulation. Desperately Seeking Security Frameworks provides an overview of the primary security standards, regulations, and laws that impact state IT security programs, highlights how states have used the frameworks to shape their security architectures, policies, standards, and controls, and identifies the key issues for CIOs as they establish and maintain IT security programs.
"This brief should make clear that the standards environment for IT security is complex and dynamic," said Michigan CIO Ken Theis, Co-Chair of the NASCIO Security and Privacy Committee, "but I would underline the criticality of state CIOs selecting a security framework to drive their programs forward. The security of the digital infrastructure maintained by state IT programs makes this imperative."
Colorado CIO Mike Locatis, Co-Chair for the NASCIO Security and Privacy Committee added, "The infusion of federal dollars coming as a consequence of the American Recovery and Reinvestment Act puts significant new pressures on state IT programs to support recovery programs and services. It also increases the likelihood that the federal government will impose stricter security controls as part of broader concerns about transparency and accountability in the use of recovery monies. This heightens the need for states to understand existing and new IT security standards to ensure that their programs employ and integrate these as necessary."
