Reps. Billy Long (R-Missouri) and Doris Matsui (D-California) have introduced a bill to elevate the office the chief information security officer’s reporting structure at the Department of Health and Human Services as part of efforts to help HHS build up its cyber posture.
The House Energy and Commerce Committee said Tuesday the HHS Data Protection Act seeks to separate the CISO from its current designation under HHS’ chief information officer to help prioritize information security.
The committee said it based the bill recommendations from a December 2013 investigation of the Food and Drug Administration‘s data security after a breach on the agency’s two months prior.
The presidentially-appointed CISO would report to HHS’ Office of the Assistant Secretary for Administration and oversee information security programs across the department under the bill, Fedscoop reported Wednesday.
If passed, the legislation will require the HHS secretary to file a report on CISO’s plans to the House committee and its Senate committee counterpart a year after implementation, Fedscoop added.