FISMA reform is finally headed to the White House for signing. Although the legislation may not be perfect, it is nice to see forward progress. Unfortunately, the hard part is next … the actual implementation. Will agencies find a way to botch this well-meaning piece of legislation and turn it into another bureaucratic checkbox exercise? Only time will tell … but my bet is on the latter.
For the first time in 12 years, Congress has passed and sent to the White House major cybersecurity legislation, including an update to the law that governs federal government information security.
The House on Dec. 10 and 11 approved four Senate-passed cybersecurity-related bills – one to reform the Federal Information Security Management Act, another to help the Department of Homeland Security recruit and retain qualified IT security personnel and a third to codify an existing cybersecurity and communications operations center at DHS. A fourth bill, the Cybersecurity Workforce Assessment Act, passed the Senate as a substitute amendment Dec. 10. The House passed the amended bill that would assess the future DHS cybersecurity workforce on Dec. 11.
The last time Congress enacted significant cybersecurity legislation was the passage of FISMA in 2002.
Known as the Federal Information Security Modernization Act of 2014, the FISMA reform bill would replace the requirement that federal agencies file annual checklists showing the steps they've taken to secure their IT systems. Under the new law, agencies would instead automatically and continuously monitor their systems to assure their security.
Today’s post pic is from WhiteHouse.gov.