OMB proposes new FISMA performance metrics

OMB wants feedback on potential metrics

The Office of Management and Budget has detailed possible new metrics for agencies to use in the annual computer security reporting they do to comply with the Federal Information Security Management Act.

The proposed metrics “represent a new approach, which focuses on improving security, not just compliance,” according to a statement posted on the National Institute of Standards and Technology’s Web site. Requirements for FISMA compliance have often been criticized for being too focused on paperwork.

OMB asked that comments on the potential metrics be sent to [email protected] by Jan. 4, 2010.

In its report to Congress on agencies’ FISMA implementation during fiscal 2008, OMB said it would review the security metrics agencies use to report their compliance with FISMA and that it may develop new metrics to improve the assurance of information security.

“These metrics should encourage agencies to take concrete steps to improve their security posture by implementing monitoring tools, strengthening areas such as identity and configuration management, and reporting on four new categories: remote access management, identity and access management, data level controls, real-time security awareness and management,” the statement, posted Dec. 8, said.

About the Author

Ben Bain is a reporter for Federal Computer Week.
