House lawmakers introduce FISMA overhaul legislation

The 10-year-old FISMA has become a compliance activity, rather than a measure to improve the federal government’s cybersecurity, charged Rep. Issa when introducing the bill

Rep. Darrell Issa (R-Calif.) and Rep. Elijah Cummings (D-Md.) have introduced legislation, the Federal Information Security Amendments Act (HR 4257), that would establish a mechanism for stronger oversight of federal IT system security through a focus on automated and continuous monitoring of cybersecurity threats and regular threat assessments.

The 10-year-old FISMA has become a compliance activity, rather than a measure to improve the federal government’s cybersecurity, charged Issa in introducing the bill. Issa is chairman of the House Oversight and Government Reform Committee; Cummings is the ranking Democrat on that committee.

The bill also would mandate the establishment of baseline security controls for federal agencies and give agencies more authority to make decisions on off-the-shelf security products for their respective IT systems.

Perhaps the most interesting aspect of the bill is that it would retain authority for FISMA implementation with the Office of Management and Budget (OMB). This would put the bill at odds with the Senate leadership-backed Cybersecurity Act, which would transfer authority for FISMA implementation to the Department of Homeland Security.

The Senate legislation appears to be stalled in the Senate over disagreements with key Republicans, including Sen. John McCain (R-Ariz.), who introduced competing legislation earlier this month.