What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

Close

FISMA bill could add $150 million to agencies' costs

Related Links

CBO report

S. 3474

FISMA 2.0 bill will strengthen cybersecurity, experts say

Senate panel rejects weakening FISMA bill

An information security bill in the Senate could add $150 million annually to agencies’ current expenses if it became law, a government report issued today estimates.

The Federal Information Security Management Act of 2008 (S. 3474), approved Oct. 1 by the Senate Homeland Security and Governmental Affairs Committee, would require agencies to perform additional audits and evaluations of the government’s information systems.

Based on information from the Office of Management and Budget and other agencies, the Congressional Budget Office estimated the new requirements would add two percent to three percent to current FISMA expenses, according to its report.

Agencies spent nearly $6 billion in fiscal 2007 on requirements related to FISMA, the report states.

Also, the CBO estimates it would take about four years to meet the legislation’s requirements for the approximately 10,000 federal computer systems currently operating. The CBO estimated that upgrades to meet those new requirements and authorities would increase costs by $40 million of the $150 million in 2009 and about $570 million from 2009 to 2013, according to the report.

The original FISMA law created a comprehensive framework to ensure agencies have secure controls over information supporting federal operations and assets.

In addition to current requirements, the bill would create a chief information security officer council to establish best practices and guidelines for securely maintaining information. The bill also would strengthen the role of each agency’s CISO by giving them additional authorities, would require standardized information security audits and would impose a variety of new reporting requirements. In addition, the Homeland Security Department would be required to test the security of government information systems.

With members of Congress focused on elections, the legislation has little, if any, chance of passage, but some observers have said it raises important issues.

About the Author

Matthew Weigelt is acquisition editor for Federal Computer Week.

Related Articles

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Webcasts

Related White Papers

Related Resources

eSeminar

  • The Top 100 Government Contractors NickWakeman_60

    Washington Technology Editor in Chief Nick Wakeman hosted an eSeminar, highlighting the magazine’s 17th annual Top 100 issue and the fears and hopes driving today’s market. Read more

More eSeminars

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.