The Federal Information Technology Acquisition Reform Act became a law in 2014, in an attempt to boost technology...
projects in the U.S. government, but not much has been said about it. What does FITARA entail, and what effect might it have on cybersecurity in the U.S. government?
The Federal Information Technology Acquisition Reform Act, or FITARA, was signed into law in December 2014. The act requires that the heads of many government agencies ensure their respective CIO has a significant role in all information technology decisions. This includes cybersecurity, and is especially important in light of recent government agency breaches, such as in the Office of Personnel Management and at the Federal Deposit Insurance Corporation.
However, FITARA hasn't eliminated cybersecurity issues from federal agencies. For example, a recent report from the Office of the Inspector General titled "Evaluation of DHS' Information Security Program for Fiscal Year 2015" showed that the Department of Homeland Security numerous security vulnerabilities, such as missing security patches, components with weak passwords, internal websites susceptible to XSS and cross-frame attacks, SQL injections, configuration vulnerabilities, a lack of required specialized training for privileged users, remote access issues, insufficient monitoring, and not testing contingency plans. There are other issues, as well. However, it is sufficient to state that cybersecurity in the federal government is sorely wanting.
FITARA is not a mandate for the CIO to procure cybersecurity tools or protection measures, and the allocation of these purchases is clearly at the CIO's discretion. But, if this apparent void is not addressed, and breaches continue in government agencies, the CIO for each affected agency will have many people to answer to, including the head of each agency.
Can FITARA have an effect on cybersecurity in the U.S. government? Clearly, yes. The act was designed to move agencies and departments to a more efficient system for new technology purchases, while moving away from outdated legacy products, which can certainly benefit cybersecurity. To what extent and how effective it will be is looked upon with great anticipation.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Learn more about important government security issues
Find out if the U.S. government needs a federal CISO
Check out information about Rule 41 changes
Dig Deeper on Government information security management
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ...continue reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises...continue reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.