FISMA reform rides on defense spending's coattails

Passage aims for federal cybersecurity improvement through wholesale restructuring

The House has passed measures under the 2011 Defense Authorization spending bill to upgrade federal cybersecurity by improving the eight-year-old Federal Information Security Management Act (FISMA).

The cybersecurity-oriented amendment, passed May 28, also pursues several other ways to streamline compliance and make security more effective.

Provisions that support FISMA reform include establishing a White House director for cyberspace and a federal cybersecurity practice board, both of which would help develop, update and implement federal cybersecurity guidelines and measures. That office and oversight board would also administer FISMA requirements and compliance, and be responsible for cybersecurity budgets and governmentwide coordination.

Although the White House cybersecurity office would have the authority to review civilian agencies’ information technology security budgets, it would be able only to make recommendations and could not issue orders. Also, the Defense Department and Central Intelligence Agency would be exempt from the White House office’s oversight.

Congressional moves to beef up federal cybersecurity come after years of complaints that FISMA’s goal of improving government network security is overshadowed by its paperwork-laden, procedural requirements.

In testimony in April on Capitol Hill, federal Chief Information Officer Vivek Kundra acknowledged that FISMA has lagged in truly improving federal IT security. “The FISMA measures reported on annually have led agencies to focus on compliance. However, we will never get to security through compliance alone,” he said.

Howard Schmidt, White House cybersecurity coordinator, said, “You can be compliant with FISMA but still not secure.” Schmidt added that he is working with Kundra and Office of Management and Budget Director Peter Orszag to make improvements. “We’re looking at turning that around so when you become secure, you become compliant,” Schmidt said at the U.S. Strategic Command Cyber Symposium in Omaha on May 28.

Reforming FISMA is just one of several parts of the defense spending bill amendment targeting security of government information systems.

Under the amendment, federal agencies would be required to start programs that continuously and automatically monitor their computer networks for cyber threats, and agencies would need to obtain annual, independent audits of in-house information security programs.

Government IT contractors and subcontractors would also face independent audits, and their contracts would include cybersecurity standards at inception. Those standards would be developed by the White House cybersecurity director’s office in conjunction with the National Institute of Standards and Technology and the General Services Administration.

The amendment also calls for a White House office for the government’s chief technology officer.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
