Share

Top 5 Stories

News

FISMA inches closer to reform

30 April 2009

Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns.

 

Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns.

A bill introduced into the Senate, the US Information and Communications Enhancement Act of 2009, would reform the Federal Information Security Management Act (FISMA), legislation introduced in 2003 to force federal agencies to develop cybersecurity controls.
 
Introduced by Thomas Carper, the senator for Delaware, the new bill would also instigate a single cybersecurity office underneath the president to unify the cybersecurity effort.

The survey, conducted by (ISC)2, polled 40 CISOs working in federal agencies for their opinions on the effectiveness of the Federal cyber security effort. Although FISMA was generally viewed as having had a positive effect, two in five CSO is believed that it had become misdirected, or was a time wasting exercise. 


"The CISOs give high marks to guidance and assistance from NIST, and to a lesser extent NSA, but do not view OMB [Office of Management and Budget] and DHS [Department of Homeland Security] as highly effective leaders," the report said.


That is significant, because the Office of Management and Budget was the instigator of the Trusted Internet Connection program, which was mandated 18 months ago, as a means of reducing the number of touch points between federal networks and the public Internet. The report found that CISOs viewed the trusted Internet connection program as less successful than others.


The Department of Homeland Security has been viewed as the leader of the cyber security programme in the past year, since the Comprehensive National Cybersecurity Initiative (CNCI) was created in early 2008. However, Rod Beckstrom, head of the DHS's National Cybersecurity Center, left the organisation in March, citing a lack of resources.


CISOs support a shift to continuous monitoring, as opposed to FISMA's regular reports, which they view as bureaucratic. Only 9% of them viewed FISMA's reporting process as a resounding success.

 

 

This article is featured in:
Internet and Network Security  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×