NASCIO Brings Attention to Impact of Disparate and Inconsistent Federal Cyber Regs and Audits

By Yejin Cooke posted 16 days ago

On June 21, NASCIO vice president and Oklahoma CIO Bo Reese brought attention to an issue unique to the state CIO and CISO community: harmonizing federal cybersecurity regulations. Reese testified at the Senate Homeland Security and Governmental Affairs Committee (HSGAC) "Harmonizing Cybersecurity Regulations" hearing about complex federal cybersecurity regulations and the disjointed and inconsistent audit process that usually accompanies these regulations.

Reese spoke about disparate federal regulations and their impact on state government IT, highlighting the fact that these regulations encourage cybersecurity investments based on compliance rather than on risk, even though a risk-based approach is the more secure one. Reese also spoke about how federal regulatory audits often produce inconsistent results. For instance, one state CISO reports receiving five different results from the IRS when it audited five state agencies, even though every audit examined the same statewide information security policy.

We encourage state CIOs and CISOs to share their stories about how the federal regulatory scheme affects state IT priorities like IT consolidation/optimization and cybersecurity investments. NASCIO will continue to work with Senate HSGAC, federal policy makers, and federal agencies that have authority over this issue to harmonize disparate federal cybersecurity regulations and normalize the federal regulatory audit process.

For additional information and to read Bo's testimony, click here.