FISMA reform rides on defense spending's coattails

Passage aims for federal cybersecurity improvement through wholesale restructuring

The House has passed measures under the 2011 Defense Authorization spending bill to upgrade federal cybersecurity by improving the eight-year-old Federal Information Security Management Act (FISMA).

The cybersecurity-oriented amendment, passed May 28, also pursues several other ways to streamline compliance and make security more effective.

Provisions that support FISMA reform include establishing a White House director for cyberspace and a federal cybersecurity practice board, both of which would help develop, update and implement federal cybersecurity guidelines and measures. That office and oversight board would also administer FISMA requirements and compliance, and be responsible for cybersecurity budgets and governmentwide coordination.

Although the White House cybersecurity office would have the authority to review civilian agencies’ information technology security budgets, it would be able only to make recommendations and could not issue orders. Also, the Defense Department and Central Intelligence Agency would be exempt from the White House office’s oversight.

Congressional moves to beef up federal cybersecurity come after years of complaints that FISMA’s goal of improving government network security is overshadowed by its paperwork-laden, procedural requirements.

In testimony in April on Capitol Hill, federal Chief Information Officer Vivek Kundra acknowledged that FISMA has lagged in truly improving federal IT security. “The FISMA measures reported on annually have led agencies to focus on compliance. However, we will never get to security through compliance alone,” he said.

Howard Schmidt, White House cybersecurity coordinator, said, “You can be compliant with FISMA but still not secure.” Schmidt added that he is working with Kundra and Office of Management and Budget Director Peter Orszag to make improvements. “We’re looking at turning that around so when you become secure, you become compliant,” Schmidt said at the U.S. Strategic Command Cyber Symposium in Omaha on May 28.

Reforming FISMA is just one of several parts of the defense spending bill amendment targeting security of government information systems.

Under the amendment, federal agencies would be required to start programs that continuously and automatically monitor their computer networks for cyber threats, and agencies would need to obtain annual, independent audits of in-house information security programs.

Government IT contractors and subcontractors would also face independent audits, and their contracts would include cybersecurity standards at inception. Those standards would be developed by the White House cybersecurity director’s office in conjunction with the National Institute of Standards and Technology and the General Services Administration.

The amendment also calls for a White House office for the government’s chief technology officer.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
