The final version of the technology modernization report by the White House’s American Technology Council and Office of American Innovation technology will be out shortly, acting federal Chief Information Officer Margie Graves said Wednesday.
Graves said at CyberTalks in Washington, D.C., that the Trump administration has incorporated comments from public stakeholders following the August release of the previous draft.
The process at the White House will wrap up “very shortly, I think at the end of this week,” she said. “So you will see the final come out very shortly. Once you set that strategy, and once you give people the indication of the direction that you are going, we need effective partnership from agencies and industry to actually execute.”
To that end, the White House is getting ready to implement the Modernizing Government Technology Act, though it’s still not finished in Congress. The bill, which would set up funding structures to allow agencies to reprogram unspent funding and apply it to IT modernization projects, has passed the House and passed the Senate as an amendment to the 2018 National Defense Authorization Act.
Graves said the Office of Management and Budget has been working on executing governance for the information technology modernization bill. The goal is to set up the funding structures for agencies quickly, as well as identifying the systems most in need of an upgrade.
“In order to do that, we’ve asked agencies for the last several years to start looking at their high-value assets to understand which ones are the ones that need to be protected most effectively and to make sure that those are in the best cyber posture possible,” she said.
Graves said that the administration has also developed templates for the requirements and criteria on which modernization projects would judged with MGT in place, as well as deployed mock boards to manage issues surrounding the governance process.
In the wake of the Equifax hack that exposed the personal information of 145.5 million Americans, the federal CIO also said that OMB has formed a working group with NIST to determine alternative identity verification structures that could be deployed more securely.
“We might work with industry to come up with alternate pathways,” she said. “That’s something where were are going to need a lot of engineering help. A lot of good brainstorming, good ideas that should come to the floor.”
Graves added that the collaboration with industry is starting to gel, spotlighted by the Continuous Diagnostic and Mitigation program at the Department of Homeland Security and NIST’s risk framework.
“If you were look at the umbrella we are creating here,” she said. “We are creating the standards so that they tie back to the actual intelligence that we have about what are the most critical vulnerabilities, how do you address them and what are the solutions that you bring to the equation to address them.”