Cybersecurity: FISMA Reform (CRS Report for Congress)
A full-text PDF of the latest version is currently unavailable.
Release Date: Revised Dec. 15, 2014
Report Number: IN10186
Report Type: Insight
Authors: Fischer, Eric A.
Source Agency: Congressional Research Service
Older Revisions: Nov. 24, 2014 (2 pages)
Summary:
Two bills to revise the Federal Information Security Management Act (FISMA, 44 U.S.C. Chapter 35, Subchapter III) are being considered in the 113th Congress. […] Enacted in 2002, FISMA created a security framework for federal information systems. It emphasizes risk management and gives specific responsibilities to the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and individual federal agencies. […] A commonly expressed concern about FISMA is that it is awkward and inefficient in providing adequate cybersecurity to government Information Technology (IT) systems. The causes cited have varied but themes have included inadequate resources, a focus on procedure and reporting rather than operational security, lack of widely accepted cybersecurity metrics, variations in agency interpretation of the mandates in the act, excessive focus on individual information systems as opposed to the agency's overall information architecture, and insufficient means to enforce compliance both within and across agencies.