Senate committee approves FISMA bill

The Senate Homeland Security and Governmental Affairs Committee on Sept. 23 approved the Federal Information Security Management Act, S. 3474, designed to strengthen the federal government’s ability to protect itself against cyberattacks and vulnerabilities. The Senate must now consider the legislation.


If ultimately passed, the measure would require agencies to continuously monitor and measure critical security controls.

Among its provisions, the bill would amend the original FISMA law to create a chief information security officers council to establish best practices and guidelines; require the Homeland Security Department to conduct penetration tests against agency networks to identify vulnerabilities; and also identify information security standards to measure.

Sen. Tom Carper (D-Del.), chairman of the committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee, introduced the bill. He said many agencies have turned FISMA compliance into a paperwork exercise.

Security experts have said nation states that sponsor terrorism and other global cybercriminals have become more sophisticated in attacking government networks.

At the same session, the committee also approved the Information Technology Investment Oversight Enhancement and Waste Prevention Act, S. 3384, which would increase oversight of information technology investments.

The bill is designed to help improve project planning for IT, head off problems in project implementation, provide early alerts when problems arise, and promote prompt corrective action. Carper and Sen. Susan Collins (R-Maine), the committee's ranking member, introduced the legislation.

The bill is designed to fix weaknesses in IT procurement that the Government Accountability Office has identified. It will “reduce the risks that these important projects drag on far beyond deadlines, fail to deliver intended capabilities, or waste taxpayers' money,” Collins said.

The measure would also require each agency to provide independent cost estimates and regular progress reports to the agency's chief information officer and submit two annual reports to Congress on improving the goals and costs of all major IT investment projects, she said. 

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
