Agencies ready for real-time FISMA reporting tool, federal CIO reports

Federal agencies say they are ready for next month’s shift to real-time reporting of cybersecurity compliance, J. Nicholas Hoover writes in InformationWeek.

The CyberScope compliance tool, scheduled to go live Nov. 15, will replace annual paper reports on compliance with Federal Information Security Management Act requirements with automated feeds of systems status that will be correlated by the Homeland Security Department.

“All agencies required to report will definitely be able to report by Nov. 15,” Matt Coose, director of the federal network security branch of DHS’ National Cybersecurity Division, told InformationWeek.

Related:

Can agency systems handle new FISMA requirements?

Whitepaper: CyberScope and Tighter Cybersecurity Reporting Requirements: Are You Ready?

The assurances of agency readiness by Coose and Federal CIO Vivek Kundra came despite a recent MeritTalk survey that raised questions about progress toward using CyberScope.

The survey, taken in July, found that only 15 percent of federal IT leaders had used CyberScope, which has been in place since the White House announced the new FISMA requirements in April. And of those who hadn’t used the tool, 90 percent said they did not have a clear understanding of its requirements.

When announcing the requirements, Kundra acknowledged that some agencies did not have adequate systems in place for using CyberScope, and that they would have to invest in new online tools.

Ultimately, the new program is intended to save money by eliminating the manual-paper-based process of producing reports and replacing it with the automated process.