An Open Letter to the United States Congress
Submitted by Jim McConnell | Trophy Club, Denton County, Texas
To the Honorable Members of the United States Congress:
Thank you for your continued service and dedication to the American people.
Professional Background
I am a private security professional with 35+ years of experience in converged security — encompassing Physical Security, Cyber Security, Executive Protection, Supply Chain Security, Insider Threat, Fraud, and Investigations. I have led enterprise security programs and served clients across approximately 15 countries. I hold professional certifications including CISSP, CISA, CISM, CFE, and PCI, and I am the published author of two books on security program metrics and a contributor to an active IETF Internet-Draft on software lifecycle standards.
I write not as a lobbyist or industry representative, but as a voting citizen and security professional who believes transparency and measurable accountability are foundational to protecting the American people.
The Problem: Unmeasured Security is Unmanaged Security
Federal departments and agencies are responsible for securing critical infrastructure, sensitive data, and the safety of American citizens. Yet no standardized, publicly available mechanism exists for measuring, reporting, or comparing the maturity of their security and fraud programs. Without measurable benchmarks, congressional oversight is limited to anecdote and incident response — reactive rather than proactive.
The question we should be asking is not “Was there a breach?” but “What is the measurable maturity of our security programs — and is it improving quarter over quarter?”
The Proposal: Mandated Security Metrics Reporting
I respectfully propose legislation requiring all federal departments and agencies to:
- Assess and publicly report the maturity of their converged security and fraud programs using measurable, standards-aligned metrics — such as percentage compliance with NIST frameworks or equivalent guidelines.
- Update and publish these metrics quarterly, in formats accessible to the public, Congress, and oversight bodies.
- Subject all reports to independent audit by the Government Accountability Office (GAO) or agency Inspectors General.
This framework would:
- Increase transparency and public accountability across all federal agencies
- Enable data-driven appropriations and budget decisions
- Shift congressional hearings from reactive testimony to measurable trend analysis
- Standardize FOIA baselines and reduce reporting burden over time
- Drive downstream security compliance throughout the federal supply chain
Simple visual reporting — color-coded dashboards showing agency progress quarter over quarter — would make this data accessible to legislators, staff, oversight bodies, and the public alike.
Proposed Legislation
I respectfully suggest this initiative be named the Joint Interagency Measurable Security (J.I.M.S.) Act — reflecting its scope across all federal departments and agencies, and its foundation in measurable, standards-based accountability.
Next Steps
I welcome the opportunity to discuss this proposal with any member of Congress or their staff. I am available for briefings, working sessions, or planning discussions at your convenience.
Respectfully submitted,
Jim McConnell, CISSP · CISA · CISM · CFE · PCI
Principal, Ask McConnell, LLC
Trophy Club, Denton County, Texas
Voting Citizen
Terminology Note: Throughout this letter I use United States-specific terms such as “Congress,” “Departments,” and “GAO.” The underlying framework — measurable, publicly reported security program metrics — is applicable to other government structures and international systems as well.