OMB proposes new FISMA performance metrics

OMB wants feedback on potential metrics

The Office of Management and Budget has detailed possible new metrics for agencies to use in the annual computer security reporting they do to comply with the Federal Information Security Management Act.

The proposed metrics “represent a new approach, which focuses on improving security, not just compliance,” according to a statement posted on the National Institute of Standards and Technology’s Web site. Requirements for FISMA compliance have been often criticized for being too focused on paperwork.

OMB asked that comments on the potential metrics be sent to OMB-Metrics@nist.gov by Jan. 4, 2010.

In the OMB’s report to Congress on agencies’ FISMA implementation during fiscal 2008, OMB said it would review the security metrics agencies use to report their compliance with FISMA and it may develop new metrics to improve the assurance of information security.

“These metrics should encourage agencies to take concrete steps to improve their security posture by implementing monitoring tools, strengthening areas such as identity and configuration management, and reporting on four new categories: remote access management, identity and access management, data level controls, real-time security awareness and management,” the statement, posted Dec. 8, said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.