House panels OK cybersecurity bills on FISMA, critical infrastructure security

The legislation would retain authority of FISMA implementation with the OMB, putting the bill at odds with proposed measures by the White House and Senate

The House Oversight and Government Reform Committee passed the Federal Information Security Amendments Act (HR 4257), which would overhaul the 10-year-old Federal Information Security Management Act (FISMA).

The bill would establish a mechanism for stronger oversight of federal IT system security through automated and continuous monitoring of cybersecurity threats and regular threat assessments.

It would also mandate the establishment of baseline security controls for federal agencies and provide agencies more authority to make decisions about off-the-shelf security products in their respective IT systems.

The legislation would retain authority of FISMA implementation with the Office of Management and Budget, putting the bill at odds with the White House’s comprehensive cybersecurity proposal and the Senate leadership-supported Cybersecurity Act, which would transfer authority to the Department of Homeland Security (DHS).

In addition, the House Homeland Security Committee approved an amended version of the Promoting and Enhancing Cybersecurity and Information Sharing Act (PRECISE Act), HR 3674.

The bill as passed by the cybersecurity subcommittee would encourage critical infrastructure companies to adopt cybersecurity best practices and would have given the DHS responsibility for safeguarding critical infrastructure cybersecurity.

However, the full committee stripped out the provision giving the DHS authority over the security of private sector-operated critical infrastructure, according to the Federal Times.
 
