Q
Problem solve Get help with specific problems with your technologies, process and projects.

What effect does FITARA have on U.S. government cybersecurity?

FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.

The Federal Information Technology Acquisition Reform Act became a law in 2014, in an attempt to boost technology...

projects in the U.S. government, but not much has been said about it. What does FITARA entail, and what effect might it have on cybersecurity in the U.S. government?

The Federal Information Technology Acquisition Reform Act, or FITARA, was signed into law in December 2014. The act requires that the heads of many government agencies ensure their respective CIO has a significant role in all information technology decisions. This includes cybersecurity, and is especially important in light of recent government agency breaches, such as in the Office of Personnel Management and at the Federal Deposit Insurance Corporation.

However, FITARA hasn't eliminated cybersecurity issues from federal agencies. For example, a recent report from the Office of the Inspector General titled "Evaluation of DHS' Information Security Program for Fiscal Year 2015" showed that the Department of Homeland Security numerous security vulnerabilities, such as missing security patches, components with weak passwords, internal websites susceptible to XSS and cross-frame attacks, SQL injections, configuration vulnerabilities, a lack of required specialized training for privileged users, remote access issues, insufficient monitoring, and not testing contingency plans. There are other issues, as well. However, it is sufficient to state that cybersecurity in the federal government is sorely wanting.

FITARA is not a mandate for the CIO to procure cybersecurity tools or protection measures, and the allocation of these purchases is clearly at the CIO's discretion. But, if this apparent void is not addressed, and breaches continue in government agencies, the CIO for each affected agency will have many people to answer to, including the head of each agency.

Can FITARA have an effect on cybersecurity in the U.S. government? Clearly, yes. The act was designed to move agencies and departments to a more efficient system for new technology purchases, while moving away from outdated legacy products, which can certainly benefit cybersecurity. To what extent and how effective it will be is looked upon with great anticipation.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn more about important government security issues

Find out if the U.S. government needs a federal CISO

Check out information about Rule 41 changes

This was last published in January 2017

Dig Deeper on Government IT Security Management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What do you think of the Federal Information Technology Acquisition Reform Act?
Cancel
I see that the problem with the law on Cyber security is very similar in the US and EU.

Generally, the law is above all for the officials. No law will not solve the mistakes in the foundations of a particular field.

To improve the situation in the IT and related fields (PC, smart phone, SCADA, IoT, driverless cars, etc.) is an important initiative of professionals.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close