
Revamped FISMA requirements aim to improve federal security

Crystal Bedell Published: 18 Oct 2012

Compliance with the Federal Information Security Management Act of 2002 (FISMA) has long been a thorn in the side of government agencies. Failing grades from the General Accounting Office have been commonplace, leading to increased scrutiny of government security and the state of data security within respective agencies. "FISMA was never implemented by measuring security effectiveness, it was only used to justify wasteful exercises in compliance," says Alan Paller, director of research at the SANS Institute.

FISMA, often considered an ineffective paper exercise, has since undergone something of an overhaul. The introduction of an automated reporting tool and mandates for continuous monitoring are aimed at moving agencies beyond data collection to risk management and ultimately, better information security. The road to streamlined FISMA requirements has its challenges, though.

CYBERSCOPE

In October 2009, seven years after FISMA was enacted and racked up some $40 billion in costs, Federal CIO Vivek Kundra unveiled CyberScope. The automated FISMA reporting tool...
