Calling for FISMA systems count

Rep. Janice Schakowsky (D-Ill.) intends to offer an amendment to a bill that is designed to give congressional oversight of information security a boost.

"There does seem to be one significant hole in this legislation," Schakowsky said, referring to the Federal Information Security Management Act (FISMA).

"As we learned in confronting the Y2K problem, we can't be sure all of the systems are fixed until we know where they all are," Schakowsky, ranking member of the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, said in a statement May 2.

"The first thing most agencies had to do to prepare for the turn of the millennium was to create an inventory of all computer systems.... Very few agencies have kept the inventory current," she said.

The amendment would require all agencies to maintain an up-to-date inventory of their systems and to develop a plan to test every system during a five-year period.

"Awareness is where we begin with security," Ron Miller, the Federal Emergency Management Agency's chief information officer, said at a joint hearing on FISMA.

FISMA would update and extend the Government Information Security Reform Act of 2000, which expires Nov. 29. GISRA combined several federal security policies into a single law and mandated an annual assessment to track compliance.

"Continued authorization of federal information security legislation is essential to sustain agencies' efforts to implement good security practices and to identify and correct significant weaknesses," said Robert Dacey, director of information security at the General Accounting Office.

Under GISRA, agencies provide detailed security reports to the Office of Management and Budget, which then briefs Congress.

A GAO report released at the hearing made recommendations to OMB that include clarifying the scope of the review.

"I am not satisfied with our federal government's overall performance in securing our information infrastructure," said Rep. Tom Davis (R-Va.), who introduced FISMA March 6. "The bottom line is that we are still too vulnerable."

Under the bill, agencies would follow security standards set by the National Institute of Standards and Technology.

Benjamin Wu, the Commerce Department's deputy undersecretary for technology, spoke on behalf of NIST and said the agency is up to the task.
