Disaster-Resource.com

FISMA Updates Would Require Annual Security Audits

The Senate is currently considering an update to the Federal Information Security Management Act that could give the law that governs information technology security a bit more bite.

In an article on the Government Computer News website, William Jackson says the updates would require annual security audits and would give chief information security officers broader authority to enforce requirements.

“Our security management legislation will hold federal agencies accountable for their ability to monitor, detect and respond to cybersecurity incidents,” Sen. Tom Carper (D-Del.) said in introducing the legislation.

“The bill was introduced Sept. 11 and referred to the Homeland Security and Governmental Affairs Committee,” Jackson says. “The odds of its seeing much action in the remaining weeks of this session’s legislative calendar probably are slim, given the distractions of presidential and congressional elections and the meltdown of the financial services industry. But some reworking of FISMA eventually will happen.”

According to Jackson, the changes would not rewrite FISMA, but would instead help ensure that controls already in place still provide adequate security. The current FISMA evaluations would be replaced with more formal audits, and the bill would also require each civilian agency to appoint a CISO who would report to the CIO.

To read the full article, click here: http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=47284