Governors and State CIOs seek collaboration with Office of Management and Budget to harmonize disparate federal cybersecurity regulations and normalize the audit process

LEXINGTON, Ky., Tuesday, November 7, 2017 — Yesterday, the National Governors Association (NGA) and the National Association of State Chief Information Officers (NASCIO) sought the engagement of the Office of Management and Budget’s (OMB) Office of Information and Regulatory Affairs (OIRA) to harmonize disparate and often conflicting federal cybersecurity regulations and normalize the audit process. 

In a letter to OMB Director Mick Mulvaney signed by NGA Homeland Security and Public Safety Committee Leadership and their respective state chief information officers (CIO), NGA and NASCIO highlighted the regulatory burden faced by state governments when attempting to consolidate/optimize state government IT. State governments must comply with a long list of federal cybersecurity regulations that were promulgated in a siloed fashion, which led to disparate compliance rules and duplicative audits by multiple federal agencies.

The federal IT compliance environment hampers the work of state CIOs who seek to bring cost savings to the state by operating state government IT as a unified, single entity or “enterprise.” The letter references the Senate Homeland Security and Governmental Affairs Committee hearing in June 2017 when Oklahoma CIO Bo Reese, then vice president and now president of NASCIO, testified on the $286 million savings he brought to the state through IT consolidation/optimization. Reese stated during the hearing that compliance with federal cybersecurity regulations served as a large impediment to the IT consolidation/optimization process.

Regarding the letter, Reese stated: “We are extremely pleased to have the support of NGA and eagerly look forward to working with our federal partners to collectively craft a solution that secures citizen data while also being more efficient both in process and cost.”