It's not a proposed "license for computer users" but rather a proposal to license computer security professionals. Here is the draft bill text, so that we are all on the same sheet of music:
TITLE I-WORKFORCE DEVELOPMENT SEC. 101. CERTIFICATION AND TRAINING OF CYBERSECURITY PROFESSIONALS. (a) IN GENERAL.-Within 1 year after the date of enactment of this Act, the Secretary of Commerce, in consultation with relevant Federal agencies, industry sectors, and nongovernmental organizations, shall develop or coordinate and integrate a national certification, and periodic recertification program for cybersecurity professionals. (b) TRAINING AND DEVELOPMENT.-The Secretary of Commerce, in consultation with relevant Federal agencies, industry sectors, and nongovernmental organizations, shall devise a strategy to improve, increase, and coordinate cybersecurity training across all sectors. (c) FEDERAL EMPLOYEES.-The Secretary, in cooperation with the Director of the Office of Personnel Management and other Federal departments and agencies, shall develop and implement a plan to train cybersecurity professionals across the Federal government to ensure they achieve and maintain certification. (d) CERTIFICATION.-Beginning 3 years after the date of enactment of this Act, it shall be unlawful for an individual who is not certified under the program to represent himself or herself as a cybersecurity professional. (e) CERTIFIED SERVICE PROVIDER REQUIREMENT.-Notwithstanding any provision of law to the contrary, the head of a Federal agency may not use, or permit the use of, cybersecurity services for that agency that are not managed by a cybersecurity professional who is certified under the program. It is unlawful for the operator of an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, to use, or permit the use of, cybersecurity services for that system or net work that are not managed by a cybersecurity professional who is certified under the program. A question for the NANOG community - if this section were to only apply to US government employees would it be acceptable? In other words, strike any reference to the private sector (except perhaps for those in the private sector who are under contract to perform government work.) Marc -- Marcus H. Sachs, P.E. <marcus.sa...@verizon.com> Executive Director, National Security and Cyber Policy Office of Federal Government Relations Verizon, 1300 I (eye) St. NW Suite 400 W Washington, D.C. 20005 USA tel +1 202 515 2463 fax +1 202 336 7921 -----Original Message----- From: Peter Beckman [mailto:beck...@angryox.com] Sent: Monday, August 31, 2009 12:20 PM To: Jason Jenisch Cc: nanog@nanog.org; Hiers, David Subject: Re: Ready to get your federal computer license? On Mon, 31 Aug 2009, Jason Jenisch wrote: > Hiers, David wrote: >> http://sip-trunking.tmcnet.com/topics/security/articles/63218-bill-give-president-emergency-power-internet-raises-concerns.htm > I must have missed something here... I cannot find in the article or the > bill where it states or alludes to a federal computer license > requirement for computer users. "The proposal also includes a federal certification program for "cyber security professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who receive that license, CNET said." --------------------------------------------------------------------------- Peter Beckman Internet Guy beck...@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
