House Oversight Committee floats FISMA update
New bill reprises measure that passed the House but stalled in the Senate in 2012.
The leadership of the House Oversight and Government Reform Committee introduced a bill on March 14 to update federal information security regulations to include continuous monitoring of cybersecurity threats and regular threat assessments.
The Federal Information Security Amendments Act of 2013 (H.R. 1163) is a second take on legislation that passed the House unanimously on a voice vote in 2012, but was not taken up by the Senate. It updates the Federal Information Security Management Act to provide controls to protect government information networks and information. The legislation backs the use of commercial security solutions for government systems and leaves decisions on hardware and software products up to individual agencies.
Committee Chairman Darrell Issa (R-Calif.), Ranking Minority Member Rep. Elijah Cummings (D-Md.), Government Operations Subcommittee Chairman John Mica (R-Fla.) and Government Operations Subcommittee Ranking Member Gerry Connolly (D-Va.) are sponsoring the bill.
"Currently, federal agencies are struggling with cyber-security threats," Issa said. "This update to FISMA will incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years."
The Government Accountability Office noted in its 2013 High Risk Report that cyber incidents among federal agencies had spiked 782 percent from 2006 to 2012, Connolly said. "FISMA’s static, compliance-based framework is clearly inadequate to this rapidly evolving threat to our security. Our bipartisan legislation will enhance FISMA to promote a more dynamic, risk-based approach to securing federal information systems."