Issa Unveils Draft Bill to Reform FISMA

Provisions Formalize CISO Post among Federal Agencies

The chairman of the House Oversight and Government Reform Committee unveiled March 23 draft legislation to update the 8-year-old Federal Information Security Management Act.

Among the provisions of the draft, presented by Rep. Darrell Issa, R-Calif., is the formalization of the post of chief information security officer within federal departments and agencies.

According to Issa, the draft legislation, to be known as the Federal Information Security Amendments Act of 2012, would establish a mechanism for stronger oversight through a focus on automated and continuous monitoring of cybersecurity threats and on conducting regular threat assessments.

Issa said federal agencies struggle with cybersecurity threats, and this update to FISMA would incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years. "FISMA had become a compliance activity, even at times when compliance appeared to supersede security," Issa's statement says.

Unlike the more comprehensive Cybersecurity Act of 2012 from the leaders of the Senate Homeland Security and Governmental Affairs Committee and the SECURE IT Act from a group of leading Republican senators [see Compromise in Air over Cyber Bill], the Federal Information Security Amendments Act of 2012 is more narrowly focused on FISMA reform, and does not address areas of potential conflict such as whether or not to regulate the mostly private owners of the nation's critical IT infrastructure.

Issa says the draft represents a culmination of work by the Oversight Committee under Democratic and Republican leaders with substantial contributions from individuals working in government and the private sector.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
