Issa Unveils Draft Bill to Reform FISMA
Provisions Formalize CISO Post among Federal Agencies

The chairman of the House Oversight and Government Reform Committee on March 23 unveiled draft legislation to update the Federal Information Security Management Act of 2002.
Among the provisions of the draft, presented by Rep. Darrell Issa, R-Calif., is the formalization of the post of chief information security officer within federal departments and agencies.
According to Issa, the draft legislation, to be known as the Federal Information Security Amendments Act of 2012, would strengthen oversight by shifting agencies toward automated, continuous monitoring of cybersecurity threats and regular threat assessments.
Issa said federal agencies struggle with cybersecurity threats, and that this update to FISMA would incorporate the past decade of technological innovation while also addressing shortcomings in FISMA that have become apparent over that period. "FISMA had become a compliance activity, even at times when compliance appeared to supersede security," Issa's statement says.
Unlike the more comprehensive Cybersecurity Act of 2012 from the leaders of the Senate Homeland Security and Governmental Affairs Committee and the SECURE IT Act from a group of leading Republican senators [see Compromise in Air over Cyber Bill], the Federal Information Security Amendments Act of 2012 is narrowly focused on FISMA reform. It does not address contested questions such as whether to regulate the mostly private owners of the nation's critical IT infrastructure.
Issa says the draft is the culmination of work by the Oversight Committee under both Democratic and Republican leadership, with substantial contributions from individuals in government and the private sector.