LEXINGTON, Ky., Tuesday, April 27, 2021 — The National Association of State Chief Information Officers (NASCIO), the Center for Internet Security (CIS) and the National Association of State Procurement Officials (NASPO) today released Buyer Be Aware: Integrating Cybersecurity into the Acquisition Process. The publication addresses steps state governments should take to ensure cybersecurity is an integral part of the acquisition process.

NASCIO President and New Hampshire Commissioner and CIO Denis Goulet commented, “too often state chief information security officers aren’t consulted about an IT procurement until the end of the process. State CISOs are charged with reducing cybersecurity risk to state governments and cannot be pressured to simply ‘check a box’ when it comes to cybersecurity. The risks are just too great.”

As the publication notes, cybersecurity functions in state government are increasingly being outsourced, however, confidence in third-party vendors is decreasing. Additionally, major cyber incidents in the past year have called into question the security of commonly used software and the COVID-19 pandemic reinforced the importance of supply chain security.

“Managing cybersecurity risk in your organization requires an enterprise and IT level focus on best practices for your systems as well as everything you bring in to integrate with those systems,” said Mike Garcia, Senior Advisor for Cybersecurity for the Center for Internet Security. “The latter means building security into the procurement process by involving the CISO from the beginning and holding vendors to the same standards that you apply to your own organization. Widely accepted and actionable guidance, like the CIS Controls and CIS Benchmarks, are freely available to help all organizations make wise investments during procurements and beyond.”

The publication also calls for a strong partnership between the CIO office, CISO office, procurement office, state agencies and the private sector. Neither the acquisition process nor cybersecurity are trivial components of state government which makes it all the more important that the two are integrated. Anything less than full integration and acceptance of the importance of the two quite simply puts states at a much higher risk.

“Procuring technology is an essential part of the work of our state procurement officer members. It is important for our members to be able to partner with their CIOs, CISOs and agency customers to successfully conduct IT procurements. Those partnerships allow state procurement to understand the software and security elements needed as well as ensure that all specific purchasing requirements are met throughout the process,” said NASPO Chief Executive Officer, Lindle Hatton.

Finally, the publication includes a list of recommendations aimed at assisting state governments in fully integrating cybersecurity into the acquisition process.

LEXINGTON, Ky., Thursday, January 28, 2021 — The National Association of State Chief Information Officers (NASCIO) has again announced its support of Data Privacy Day ‒ an international effort held annually on January 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust – by signing up as a Data Privacy Day 2021 Champion. As a Champion, NASCIO recognizes and supports the principle that all organizations share the responsibility of being conscientious stewards of personal information.

Data Privacy Day is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust. NASCIO joins the growing global effort among nonprofits, academic institutions, corporations, government entities, municipalities and individuals to raise awareness at home, at work and school and in their communities. Through collaboration and unified, consistent messaging about privacy and protecting personal information, all Data Privacy Day Champions are working toward the common goal of improving individual and business consciousness toward respecting privacy, safeguarding data and enabling trust.

The official theme for the 2021 Data Privacy Day is “Data Privacy in an Era of Change.” Data Privacy Day 2021 will “look at privacy through the lens of the various changes we’ve faced in the past year, and will not only provide a survey of the current privacy landscape, but expert insights on where we as individuals and organizations can improve.”  For more information about Data Privacy Day, which is officially led by the National Cyber Security Alliance (NCSA), visit https://staysafeonline.org/event/data-privacy-day-2021/.

LEXINGTON, Ky., Tuesday, January 12 — The National Association of State Chief Information Officers (NASCIO) today announced new officers and directors for its Executive Committee. Michael Leahy, Secretary of Information Technology for the State of Maryland, will now be the association’s Vice President and Stephanie Dedmon, State Chief Information Officer for the State of Tennessee, will now be the association’s Secretary/Treasurer. Additionally, Fred Brittain, Chief Information Officer for the State of Maine and J.R. Sloan, Chief Information Officer for the State of Arizona, will be joining NASCIO’s Executive Committee as new directors filling vacancies for the remainder of the program year.

NASCIO’s 2020-21 Executive Committee leaders are:

President
Denis Goulet, Commissioner and CIO, State of New Hampshire

Vice-President
Michael Leahy, Secretary of Information Technology, State of Maryland

Secretary/Treasurer
Stephanie Dedmon, State Chief Information Officer, Tennessee

Executive Committee Directors:
Fred Brittain, CIO, State of Maine
John MacMillan, CIO, Commonwealth of Pennsylvania
Nelson Moe, CIO, Commonwealth of Virginia
John Quinn, CIO, State of Vermont
Mark Raymond, CIO, State of Connecticut
Ervan Rodgers, CIO, State of Ohio
J.R. Sloan, CIO, State of Arizona
James Weaver, CIO, State of Washington
Greg Zickau, CIO, State of Idaho

Rick Webb, ex officio
Ron Baldwin, ex officio