FISMA fosters fixes on IT security front

The Federal Information Security Management Act, passed in 2002, is now the propelling force behind the government’s efforts to improve IT security.

Rank-and-file federal IT managers in a GCN telephone survey were unquestionably feeling the impact of FISMA.

“Our biggest challenge in the next 12 to 24 months is completing FISMA requirements,” said a Social Security Administration IT specialist in Baltimore.

In the survey, 92 percent of managers reported that their agencies are making progress on accreditation and certification, as well as other mandates.

For instance, 91 percent said their agencies had done a full inventory of IT assets, as required by FISMA.

Another 94 percent reported that their agencies had senior information security officers, another FISMA stipulation.

Managers we talked with expressed a variety of concerns about IT security, most naming viruses, worms and hackers as major threats.

“We need to stay on top of malicious codes,” said a computer specialist at the Defense Information Systems Agency in Falls Church, Va.

Viruses and worms

“Software inventors are a threat because viruses and worms can cost us a lot of money, data and recovery time,” said an information systems analyst at the General Accounting Office in Washington.

“Hackers are our biggest security concern,” added an Interior Department IT manager in Salt Lake City.

Managers also identified other sources of security worries, including user carelessness and malevolence.

“Uninformed users keep me up at night,” said a Census Bureau IT specialist in White Plains, Md.

“Unauthorized users gaining access to unattended workstations remain a threat,” said a Postal Service information systems technician in Shreveport, La.

For some, proper training offers the best bet to avert such perils. “We need to find time to educate our people about security,” said a Bankruptcy Court systems manager in Des Moines, Iowa.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.