Calling for FISMA systems count
By Megan Lisagor
May 03, 2002
Rep. Janice Schakowsky (D-Ill.) intends to offer an amendment to a bill that is designed to give congressional oversight of information security a boost.
"There does seem to be one significant hole in this legislation," Schakowsky said, referring to the Federal Information Security Management Act (FISMA).
"As we learned in confronting the Y2K problem, we can't be sure all of the systems are fixed until we know where they all are," Schakowsky, ranking member of the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, said in a statement May 2.
"The first thing most agencies had to do to prepare for the turn of the millennium was to create an inventory of all computer systems.... Very few agencies have kept the inventory current," she said.
The amendment would require all agencies to maintain an up-to-date inventory of their systems and to develop a plan to test every system during a five-year period.
"Awareness is where we begin with security," Ron Miller, the Federal Emergency Management Agency's chief information officer, said at a joint hearing on FISMA.
FISMA would update and extend the Government Information Security Reform Act of 2000, which expires Nov. 29. GISRA combined several federal security policies into a single law and mandated an annual assessment to track compliance.
"Continued authorization of federal information security legislation is essential to sustain agencies' efforts to implement good security practices and to identify and correct significant weaknesses," said Robert Dacey, director of information security at the General Accounting Office.
Under GISRA, agencies provide detailed security reports to the Office of Management and Budget, which then briefs Congress.
A GAO report released at the hearing made recommendations to OMB that include clarifying the scope of the review.
"I am not satisfied with our federal government's overall performance in securing our information infrastructure," said Rep. Tom Davis (R-Va.), who introduced FISMA March 6. "The bottom line is that we are still too vulnerable."
Under the bill, agencies would follow security standards set by the National Institute of Standards and Technology.
Benjamin Wu, the Commerce Department's deputy undersecretary for technology, spoke on behalf of NIST and said the agency is up to the task.