For the first time in 12 years, Congress has passed and sent to the White House major cybersecurity legislation, including an update to the Federal Information Security Management Act (FISMA). The last time Congress enacted significant cybersecurity legislation was the passage of FISMA in 2002.
With the recent run of high-profile data breaches (Home Depot, Target, etc.) affecting millions of American citizens, the US government has felt pressure to amend and pass cybersecurity legislation. Protecting American businesses and citizens from cyber attacks is a key challenge for the federal government and is noted as a major issue by the Department of Homeland Security (DHS).
What changes will the FISMA reform entail?
Known as the Federal Information Security Modernization Act of 2014, the FISMA reform bill will require agencies to automatically and continuously monitor their systems to ensure their security, instead of relying on annual checklists alone.
The White House would retain its role managing the overall act and budget requirements.
The Department of Homeland Security would have an elevated role in getting other civilian federal agencies to comply with cybersecurity standards. This would clarify and strengthen DHS responsibilities and allow the department to respond faster to cybersecurity challenges.
“Legislative action is vital to ensuring the department has the tools it needs to carry out its mission”, said DHS Deputy Undersecretary for Cybersecurity Phyllis Schneck.
Other bills that have been passed and sent to the White House:
- One to help the Department of Homeland Security recruit and retain qualified IT security personnel
- Another to codify an existing cybersecurity and communications operations center at DHS
- A Cybersecurity Workforce Assessment Act to assess the future DHS cybersecurity workforce
- And last but not least: the Homeland Security Cybersecurity Workforce Assessment Act which would allow the Homeland Security secretary to designate key, senior cybersecurity positions within DHS and to name individuals to those posts.