[117068] in North American Network Operators' Group
RE: Ready to get your federal computer license?
daemon@ATHENA.MIT.EDU (Sachs, Marcus Hans (Marc))
Mon Aug 31 14:07:28 2009
Date: Mon, 31 Aug 2009 14:06:56 -0400
In-Reply-To: <alpine.BSF.2.00.0908311220050.85863@nog.angryox.com>
From: "Sachs, Marcus Hans (Marc)" <marcus.sachs@verizon.com>
To: <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It's not a proposed "license for computer users" but rather a proposal =
to license computer security professionals. Here is the draft bill =
text, so that we are all on the same sheet of music:
TITLE I-WORKFORCE DEVELOPMENT
SEC. 101. CERTIFICATION AND TRAINING OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL.-Within 1 year after the date of enactment of this Act, =
the Secretary of Commerce, in consultation with relevant Federal =
agencies, industry sectors, and nongovernmental organizations, shall =
develop or coordinate and integrate a national certification, and =
periodic recertification program for cybersecurity professionals.
(b) TRAINING AND DEVELOPMENT.-The Secretary of Commerce, in =
consultation with relevant Federal agencies, industry sectors, and =
nongovernmental organizations, shall devise a strategy to improve, =
increase, and coordinate cybersecurity training across all sectors.
(c) FEDERAL EMPLOYEES.-The Secretary, in cooperation with the Director =
of the Office of Personnel Management and other Federal departments and =
agencies, shall develop and implement a plan to train cybersecurity =
professionals across the Federal government to ensure they achieve and =
maintain certification.
(d) CERTIFICATION.-Beginning 3 years after the date of enactment of =
this Act, it shall be unlawful for an individual who is not certified =
under the program to represent himself or herself as a cybersecurity =
professional.
(e) CERTIFIED SERVICE PROVIDER REQUIREMENT.-Notwithstanding any =
provision of law to the contrary, the head of a Federal agency may not =
use, or permit the use of, cybersecurity services for that agency that =
are not managed by a cybersecurity professional who is certified under =
the program. It is unlawful for the operator of an information system or =
network designated by the President, or the President's designee, as a =
critical infrastructure information system or network, to use, or permit =
the use of, cybersecurity services for that system or net work that are =
not managed by a cybersecurity professional who is certified under the =
program.
A question for the NANOG community - if this section were to only apply =
to US government employees would it be acceptable? In other words, =
strike any reference to the private sector (except perhaps for those in =
the private sector who are under contract to perform government work.)
Marc
--
Marcus H. Sachs, P.E. <marcus.sachs@verizon.com> =20
Executive Director, National Security and Cyber Policy =20
Office of Federal Government Relations =20
Verizon, 1300 I (eye) St. NW Suite 400 W =20
Washington, D.C. 20005 USA =20
tel +1 202 515 2463 fax +1 202 336 7921 =20
-----Original Message-----
From: Peter Beckman [mailto:beckman@angryox.com]=20
Sent: Monday, August 31, 2009 12:20 PM
To: Jason Jenisch
Cc: nanog@nanog.org; Hiers, David
Subject: Re: Ready to get your federal computer license?
On Mon, 31 Aug 2009, Jason Jenisch wrote:
> Hiers, David wrote:
>> =
http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-p=
resident-emergency-power-internet-raises-concerns.htm
> I must have missed something here... I cannot find in the article or =
the
> bill where it states or alludes to a federal computer license
> requirement for computer users.
"The proposal also includes a federal certification program for "cyber
security professionals," and a requirement that certain computer =
systems
and networks in the private sector be managed by people who receive =
that
license, CNET said."
-------------------------------------------------------------------------=
--
Peter Beckman Internet =
Guy
beckman@angryox.com =
http://www.angryox.com/
-------------------------------------------------------------------------=
--
