Ready to get your federal computer license?

Sachs, Marcus Hans (Marc) marcus.sachs at verizon.com
Mon Aug 31 13:06:56 CDT 2009


It's not a proposed "license for computer users" but rather a proposal to license computer security professionals.  Here is the draft bill text, so that we are all on the same sheet of music:


TITLE I-WORKFORCE DEVELOPMENT

SEC. 101. CERTIFICATION AND TRAINING OF CYBERSECURITY PROFESSIONALS.

 (a) IN GENERAL.-Within 1 year after the date of enactment of this Act, the Secretary of Commerce, in consultation with relevant Federal agencies, industry sectors, and nongovernmental organizations, shall develop or coordinate and integrate a national certification, and periodic recertification program for cybersecurity professionals.

 (b) TRAINING AND DEVELOPMENT.-The Secretary of Commerce, in consultation with relevant Federal agencies, industry sectors, and nongovernmental organizations, shall devise a strategy to improve, increase, and coordinate cybersecurity training across all sectors.

 (c) FEDERAL EMPLOYEES.-The Secretary, in cooperation with the Director of the Office of Personnel Management and other Federal departments and agencies, shall develop and implement a plan to train cybersecurity professionals across the Federal government to ensure they achieve and maintain certification.

 (d) CERTIFICATION.-Beginning 3 years after the date of enactment of this Act, it shall be unlawful for an individual who is not certified under the program to represent himself or herself as a cybersecurity professional.

 (e) CERTIFIED SERVICE PROVIDER REQUIREMENT.-Notwithstanding any provision of law to the contrary, the head of a Federal agency may not use, or permit the use of, cybersecurity services for that agency that are not managed by a cybersecurity professional who is certified under the program. It is unlawful for the operator of an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, to use, or permit the use of, cybersecurity services for that system or net work that are not managed by a cybersecurity professional who is certified under the program.


A question for the NANOG community - if this section were to only apply to US government employees would it be acceptable?  In other words, strike any reference to the private sector (except perhaps for those in the private sector who are under contract to perform government work.)


Marc

--
Marcus H. Sachs, P.E.  <marcus.sachs at verizon.com>    
Executive Director, National Security and Cyber Policy       
Office of Federal Government Relations    
Verizon, 1300 I (eye) St. NW Suite 400 W    
Washington, D.C.  20005  USA    
tel +1 202 515 2463  fax +1 202 336 7921       

-----Original Message-----
From: Peter Beckman [mailto:beckman at angryox.com] 
Sent: Monday, August 31, 2009 12:20 PM
To: Jason Jenisch
Cc: nanog at nanog.org; Hiers, David
Subject: Re: Ready to get your federal computer license?

On Mon, 31 Aug 2009, Jason Jenisch wrote:

> Hiers, David wrote:
>> http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm
> I must have missed something here... I cannot find in the article or the
> bill where it states or alludes to a federal computer license
> requirement for computer users.

  "The proposal also includes a federal certification program for "cyber
  security professionals," and a requirement that certain computer systems
  and networks in the private sector be managed by people who receive that
  license, CNET said."

---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------





More information about the NANOG mailing list