By William Jackson
The Senate Homeland Security and Government Affairs Committee yesterday
approved a Senate bill that would update the Federal Information
Security Management Act.
S. 3474, The FISMA Act of 2008, was introduced Sept. 11 by Sen. Tom
Carper (D-Del.) to address concerns that FISMA compliance had become a
paperwork drill without ensuring improved IT security. The bill would
require annual security audits by agencies and would give chief
information security officers broader authority to enforce FISMA.
FISMA is the primary law governing federal IT security, requiring
risk-based security controls for non-national-security information
systems and the certification and accreditation of systems. Carper's
bill would focus on ensuring that controls provide adequate security,
replacing current FISMA evaluations with formal annual audits and
requiring the appointment of chief information security officers in each
civilian agency with authority to enforce FISMA compliance. The bill
also would establish a CISO Council directed by the National Cyber
Security Center and require the Homeland Security Department to conduct
regular red team penetration tests against networks.
Adequate IT security also would be required on all contractor networks,
and the Office of Management and Budget would establish contract
language on IT security reflecting these requirements.