Perhaps it's intended to be a workaround to the current problem with a lot of government IT Security: The (big) contractors are told to follow IT security guidelines, at which point they point back to their contract and say "That's not in the statement of work, lets renegotiate the contract and cost it out." Jack Bates wrote:
Peter Beckman wrote:
"The proposal also includes a federal certification program for "cyber security professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who receive that license, CNET said."
Presumably, this is to increase security of private sector networks that interconnect with government networks and high risk networks such as banks and utilities. Presumably it wouldn't mandate the social networking, ESP/ISP sectors.
Jack