FISMA inches closer to reform

 

Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns.

A bill introduced into the Senate, the US Information and Communications Enhancement Act of 2009, would reform the Federal Information Security Management Act (FISMA), legislation introduced in 2003 to force federal agencies to develop cybersecurity controls.
 
Introduced by Thomas Carper, the senator for Delaware, the new bill would also establish a single cybersecurity office under the president to unify the cybersecurity effort.

The survey, conducted by (ISC)2, polled 40 CISOs working in federal agencies for their opinions on the effectiveness of the federal cyber security effort. Although FISMA was generally viewed as having had a positive effect, two in five CISOs believed that it had become misdirected, or was a time-wasting exercise.


"The CISOs give high marks to guidance and assistance from NIST, and to a lesser extent NSA, but do not view OMB [Office of Management and Budget] and DHS [Department of Homeland Security] as highly effective leaders," the report said.


That is significant, because the Office of Management and Budget was the instigator of the Trusted Internet Connection program, which was mandated 18 months ago as a means of reducing the number of touch points between federal networks and the public Internet. The report found that CISOs viewed the Trusted Internet Connection program as less successful than others.


The Department of Homeland Security has been viewed as the leader of the cyber security programme in the past year, since the Comprehensive National Cybersecurity Initiative (CNCI) was created in early 2008. However, Rod Beckstrom, head of the DHS's National Cybersecurity Center, left the organisation in March, citing a lack of resources.


CISOs support a shift to continuous monitoring, as opposed to FISMA's regular reports, which they view as bureaucratic. Only 9% of them viewed FISMA's reporting process as a resounding success.

 

 
