Data security standards for government and private sector

The Cybersecurity act of 2009, which enforces data security standards for government and private sector, was introduced yesterday. Here is a quick summary of the act.

The act proposes -

* creation of a national cybersecurity advisory office/panel, a group that will advise the President on all aspects of the federal cybersecurity strategy

* creation of new state and regional cybersecurity centers to assist small and midsize companies on information security matters

* development of a cybersecurity licensing and certification program by the Department of Commerce

* creation of a cybersecurity dashboard that can provide real-time information on security threats and vulnerabilities all federal systems.

It also empowers -

* the President to act on the international stage to develop norms and, hence, improve cybersecurity.

* the NIST to establish security standards for computer information systems run by government agencies, contractors, and businesses that support critical infrastructure services, such as banking and power systems.

Last, but not the least, it requires federal agencies, contractors and private-sector supporting critical infrastructure networks to comply with NIST's new security standards.