The Senate Homeland Security and Governmental Affairs Committee approved a new bill intended to strengthen the Federal Information Security Management Act on June 25. The bill heads to the Senate floor for a full vote next.
Introduced by committee chairman Sen. Tom Carper (D-Del.) and Sen. Tom Coburn (R-Okla.), the new legislation would amend the current FISMA, passed in 2002. Government agencies are required by law to meet its guidelines and annually assess their progress. However, the 12-year-old FISMA requirements are roundly regarded as outdated and as more time-consuming than effective.
The Federal Information Security Modernization Act of 2014 shifts the focus away from self-assessments and checklist reporting to encourage continuous monitoring, data breach mitigation, and integrated security testing.
The bill also clarifies the roles of the Office of Management and Budget to set and enforce policy and the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program to handle the operational aspects of information security management and oversight.
“Cybersecurity is one of our nation’s biggest challenges,” said Carper, in a statement after the vote. “That’s why it’s imperative that we face this 21st century threat with a 21st century response.”
The House of Representatives passed its version of the FISMA reform bill in a 416-0 vote back in April 2013. If FISMA 2014 passes the full Senate vote, the two versions would be reconciled into a unified bill before being signed into law. Passage appears likely, as the bill has support from both parties.
Both FISMA 2014 and the National Cybersecurity and Communications Integration Act, which would form a federal civilian information-sharing cybersecurity interface, comprise “an important step in our effort to modernize our nation’s cybersecurity programs and help the public and private sectors work together to tackle cyber threats more effectively in the future,” Carper said.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.