Reese spoke about disparate federal regulations and their impact on state government IT, highlighting the fact that these regulations encourage cybersecurity investments based on compliance rather than risk, even though a risk-based approach is the more secure one. Reese also spoke about how federal regulatory audits often produce inconsistent results. For instance, one state CISO reports receiving five different results from the IRS when it audited five state agencies, all audited against the same statewide information security policy.
We encourage state CIOs and CISOs to share their stories about how the federal regulatory scheme impacts state IT priorities like IT consolidation/optimization, or its impact on cybersecurity investments. NASCIO will continue to work with Senate HSGAC, federal policy makers, and federal agencies that have authority over this issue to harmonize disparate federal cybersecurity regulations and normalize the federal regulatory audit process.
For additional information and to read Bo's testimony, click here.