Educause Security Discussion mailing list archives
Re: SECURITY Listserv Instructions and ParticipationGuidelines
From: Rodney Petersen <Rodney () UMD EDU>
Date: Mon, 8 Jul 2002 01:31:47 -0400
Below is a clarification that I posted to the EDUCAUSE CIO Discussion List in March and circulated elsewhere in response to confusion surrounding the status of the "Safe Computing Environment" proposal. I have learned that elements of the research community are not eager to support the addition of computer security to other compliance measures already attached to receipt of federal funding. However, I find them sympathetic to concerns about improving IT security in the research context. I think the bill where you will find Senator Edwards language is S.1900 - a companion bill to S.1901 - that I cite below. Note that it calls for an "assessment of the advisability of a requirement". -Rodney Subject: Re: OMB Circular 102.600 -- Safe Computing Environment Requirements for Fed Grants Date: Tue, 26 Mar 2002 10:01:35 -0700 From: Rodney Petersen <rp72 () umail umd edu> To: CIO () LISTSERV EDUCAUSE EDU The EDUCAUSE Washington, D.C., office has confirmed with the Office of Management and Budget (OMB) and the Council on Government Relations (COGR) that the language contained in this message does not represent an official change to Circular A-110. OMB officials further confirm that such language is not currently under consideration and regret that someone originated a document in a format that appears as if it came from OMB and does not disassociate the proposal from official OMB processes. Securing cyberspace and the information infrastructure has become a critical concern for the federal government since 9/11. Consequently, there are numerous bills before Congress designed to improve IT security within the federal government, and we can expect that higher education will be called upon to do our part. One example currently under consideration is Senate Bill 1900 known as the "Cyberterrorism Preparedness Act of 2002" that will establish a grant program "to support the development of appropriate cybersecurity best practices . . . [and] long-term cybersecurity research and development." Section 2(g)(4)(A)(i) calls for "an assessment of the advisability of requiring the contractors and grantees of the Federal Government to use appropriate cybersecurity best practices." EDUCAUSE recognized the significance of these issues when it established a Computer and Network Security Task Force in July 2000. The task force is working closely with Internet2 and federal agencies to ensure that we develop a thoughtful and measured response to the demand for better security. The identification and dissemination of "cybersecurity best practices" is consistent with the mission of the task force. However, EDUCAUSE and the broader academic research community are not likely to favor government imposed requirements or certifications. If there are further reports of government regulation or legislation at the State or federal level that will impact higher education and IT security, I encourage you to bring those items to my attention (rpetersen () educause edu) so the policy staff and task force can intervene appropriately and communicate accurate, timely information to our members. Rodney Petersen EDUCAUSE/University of Maryland Randy Marchany wrote:
There was some draft language that SANS put out for comment that would require adequate security procedures to be in place as a condition of the grant. Don't know what its status is nowadays. Randy Marchany ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html.
Current thread:
- Re: SECURITY Listserv Instructions and ParticipationGuidelines H. Morrow Long (Jul 03)
- <Possible follow-ups>
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Wayne Wilson (Jul 03)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Rodney Petersen (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Randy Marchany (Jul 08)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Gene Spafford (Jul 08)