States push feds to ‘harmonize’ cybersecurity regulations in 2018

New advocacy priorities released by the National Association of State Chief Information Officers show a continued push for simplified regulations.

New federal advocacy priorities released by the National Association of State Chief Information Officers (NASCIO) reveal that state government is continuing its push in 2018 for simplified security and privacy regulations.

The top item on the list, released Thursday, continues a formal request by NASCIO and the National Governors Association in November that the Office of Management and Budget “harmonize” the federal government’s disjointed and sometimes conflicting collection of regulations.

NASCIO President Bo Reese — Oklahoma’s chief information officer — notes in an official statement that the $351 million his state has realized in IT savings and cost avoidance through a consolidation and optimization project was made challenging by the “voluminous” regulations the state was required to follow.

States must follow regulations set by a wide range of federal agencies, including the IRS, FBI, the Social Security Administration, the U.S. Department of Labor and others. States that fail to meet requirements set by the FBI’s Criminal Justice Information Services Security Policy, for example, could find themselves cut out of information sharing agreements.


The group’s director of government affairs, Yejin Cooke, told StateScoop that harmonizing federal regulations was given top billing this year because it’s an issue that deserves more attention from the federal government.

According to NASCIO’s research, the disparate structure of the federal government’s auditing process is disruptive to the efficiency gains sought by state government technology offices. In one instance, a state received different outcomes from five federal auditors who each reviewed the same IT environment. In another case, the group reports that a state was required to spend 4,000 hours responding to a single audit. NASCIO didn’t name the states.

“It doesn’t make a whole lot of sense to us that federal regulations are serving as a barrier to the goals that state CIOs want to achieve in state government,” Cooke said. “We want to work with them on a solution that would be viable for both parties.”

NASCIO’s three federal advocacy priorities for 2018 are:

  1. Harmonize disparate federal cybersecurity regulations and normalize the audit process.
  2. Recognize state authority and ongoing innovation with emerging technology.
  3. Information sharing and safeguards: meeting citizen expectations.

In November, NASCIO and NGA requested that the federal government create a single point of contact for cybersecurity regulations to ensure standardization across government and simplify the process. NASCIO has since formed a working group that it says is now working with federal partners.
