How to Combat Duplicative and Conflicting Requests
At the same time, the COVID-19 pandemic has placed increased demands on state systems, applications and, most important, state workers. MissionSquare Research Institute reports that 36 percent of public sector employees have considered leaving government work because of the pandemic; given that, we must do everything we can to reduce stress on our workforce.
States have previously reported that responding to numerous federal audits with duplicative requests and conflicting requirements has taken hours of staff time. An already taxed state workforce cannot continue spending such a significant amount of time on something that can be improved.
Additionally, compliance with federal cybersecurity regulations is often duplicative and onerous, and has contributed to significant growth in financial costs for CIOs. While federal cybersecurity regulations may largely address the same controls and outcomes, they often differ in their specific requirements.
For example, almost everyone has had the experience of requesting a password reset, entering an incorrect password a handful of times, and getting a screen lockout at their computer workstation. Depending on the audit, the specific lockout time can vary widely from one agency to another — anywhere from 15 or 30 minutes to 60 minutes.
States are responsible for ensuring their own parallel security controls are in compliance across agencies, a seemingly contradictory and unending task. Further, when state data centers are audited for compliance, states receive inconsistent findings from federal auditors (even though the auditors are reviewing the same IT environment), and these findings require costly corrections.