Calling for FISMA systems count

Rep. Janice Schakowsky (D-Ill.) intends to offer an amendment to a bill that is designed to give congressional oversight of information security a boost.

"There does seem to be one significant hole in this legislation," Schakowsky said, referring to the Federal Information Security Management Act (FISMA).

"As we learned in confronting the Y2K problem, we can't be sure all of the systems are fixed until we know where they all are," Schakowsky, ranking member of the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, said in a statement May 2.

"The first thing most agencies had to do to prepare for the turn of the millennium was to create an inventory of all computer systems.... Very few agencies have kept the inventory current," she said.

The amendment would require all agencies to maintain an up-to-date inventory of their systems and to develop a plan to test every system during a five-year period.

"Awareness is where we begin with security," Ron Miller, the Federal Emergency Management Agency's chief information officer, said at a joint hearing on FISMA.

FISMA would update and extend the Government Information Security Reform Act of 2000, which expires Nov. 29. GISRA combined several federal security policies into a single law and mandated an annual assessment to track compliance.

"Continued authorization of federal information security legislation is essential to sustain agencies' efforts to implement good security practices and to identify and correct significant weaknesses," said Robert Dacey, director of information security at the General Accounting Office.

Under GISRA, agencies provide detailed security reports to the Office of Management and Budget, which then briefs Congress.

A GAO report released at the hearing made recommendations to OMB that include clarifying the scope of the review.

"I am not satisfied with our federal government's overall performance in securing our information infrastructure," said Rep. Tom Davis (R-Va.), who introduced FISMA March 6. "The bottom line is that we are still too vulnerable."

Under the bill, agencies would follow security standards set by the National Institute of Standards and Technology.

Benjamin Wu, the Commerce Department's deputy undersecretary for technology, spoke on behalf of NIST and said the agency is up to the task.
