Senate committee approves FISMA bill

The legislation would require agencies to continuously monitor and measure security controls, its sponsors say.

The Senate Homeland Security and Governmental Affairs Committee on Sept. 23 approved the Federal Information Security Management Act, S. 3474, designed to strengthen the federal government’s ability to protect itself against cyberattacks and vulnerabilities. The Senate must now consider the legislation.

If ultimately passed, the measure would require agencies to continuously monitor and measure critical security controls. Among its provisions, the bill would amend the original FISMA law to create a chief information security officers council to establish best practices and guidelines; require the Homeland Security Department to conduct penetration tests against agency networks to identify vulnerabilities; and identify information security standards to measure.

Sen. Tom Carper (D-Del.), chairman of the committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee, introduced the bill. He said many agencies have turned FISMA compliance into a paperwork exercise. Security experts have said nation states that sponsor terrorism and other global cybercriminals have become more sophisticated in attacking government networks.

At the same session, the committee also approved the Information Technology Investment Oversight Enhancement and Waste Prevention Act, S. 3384, which would increase oversight of information technology investments. The bill is designed to help improve project planning for IT, head off problems in project implementation, provide early alerts when problems arise, and promote prompt corrective action. Carper and Sen. Susan Collins (R-Maine), the committee's ranking member, introduced the legislation.

The bill is designed to fix weaknesses in IT procurement that the Government Accountability Office has identified. It will “reduce the risks that these important projects drag on far beyond deadlines, fail to deliver intended capabilities, or waste taxpayers' money,” Collins said. The measure would also require each agency to provide independent cost estimates and regular progress reports to the agency's chief information officer and submit two annual reports to Congress on improving the goals and costs of all major IT investment projects, she said.