State

‘Harmonizing’ federal regulations NASCIO’s top advocacy priority for 2019

The group says slowly making progress on the multi-year effort to simplify the rules state IT offices must comply with.

January 24, 2019

(Colin Wood / Scoop News Group)

The National Association of State Chief Information Officers released its federal advocacy priorities for 2019 on Wednesday, with the organization’s push to streamline federal regulations topping the list again.

For the past two years, NASCIO has been pushing for the federal government to “harmonize” the many conflicting regulations states must comply with, and to standardize audit processes. The organization says conflicting regulations led one of its member states to receive five different outcomes from five separate audits of the same computer system, while another state reported spending 4,000 hours responding to a single federal audit.

Regulations imposed by various federal agencies often clash with each another, creating confusion for state IT offices. The IRS, FBI and Social Security Administration, for example, each hold different requirements for how states are supposed to handle unsuccessful login attempts to a secure computer system.

NASCIO’s Meredith Ward told StateScoop that states aren’t claiming to be an authority where audits and federal regulations are concerned, but rather are asking the federal government to select a single set of rules as a “gold standard” that can simplify the process for everyone.

She said some progress has been made these past two years in bringing the issue to the attention of lawmakers in Washington, but that progress has been slow. Oklahoma state Chief Information Officer Bo Reese spoke before the House Oversight Intergovernmental Affairs Subcommittee last July to make NASCIO’s case for simplified regulations.

“I think we’ve made some good strides, but it’s definitely something we’re going to have to keep working on,” Ward said.

The group’s list contains two other advocacy priorities. One is to “continue meaningful state CIO/CISO participation in FEMA’s Senior Advisory Committee and Urban Area Working Group.” Last May, the Federal Emergency Management Agency announced that state CIOs and CISOs would for the first time be included in the governance process for national cybersecurity and emergency preparedness programs.

NASCIO’s third advocacy priority for 2019 is to “recognize state authority and ongoing innovation with emerging technology.” Blockchain technology is one of the most recent examples of an emerging technology that state government has taken an interest in regulating and using. In November’s election, 144 West Virginians living abroad used a blockchain-based mobile app to cast their votes as part of an experimental program.

But getting a handle on the dozens of overlapping and conflicting regulations will be the organization’s top priority in the coming year, just as it was in 2018, Ward said.

“It’s something we hear so much from our CIOs and CISOs,” Ward said. “If you look at the hours and hours states spend on this, it’s really daunting. It’s really a matter of how do you get everybody running in one direction.”