Survey finds increased FISMA reporting demands

Results from a survey of federal chief information security officers to be released today indicate growing concerns about software quality and increased reporting demands to comply with federal information security laws.

The survey found that federal CISOs spend an average of 3.75 hours a day, or 23 percent more time than a year ago, on various security reporting activities required under the Federal Information Security Management Act (FISMA) of 2002.

A desire to have software vendors improve the quality of their code ranked as a top concern of the 29 federal CISOs who participated in the study. Intelligent Decisions, a systems integration company, conducted the research.

“People have dealt with systems administration security and the network security pretty well,” said Roy Stephan, cybersecurity director at Intelligent Decisions. “They’re moving on to the next great challenge, which is the code itself. They’re learning more about how exploits work.”

Exploits that take advantage of buffer overflows and other flaws in poorly coded software render database and Web servers insecure. Better software code could make a big difference in addressing the concerns of federal information security executives, Stephan said.

Intelligent Decisions also reported that federal CISOs expect three trends to gain momentum within the next year: expanded use of wireless networks, deployment of multifactor authentication and increased spending on database security.

Meanwhile, survey participants named as their top three security concerns the threat of network attacks, software patch management and FISMA compliance.

Despite concerns about network attacks, officials in more than half of the agencies that reported having wireless networks said they do not have basic security controls on those networks.

