PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
June 2011

Revamped FISMA requirements aim to improve federal security

Compliance with the Federal Information Security Management Act of 2002 (FISMA) has long been a thorn in the side of government agencies. Failing grades from the General Accounting Office have been commonplace, leading to increased scrutiny of government security and the state of data security within respective agencies. "FISMA was never implemented by measuring security effectiveness, it was only used to justify wasteful exercises in compliance," says Alan Paller, director of research at the SANS Institute. FISMA, often considered an ineffective paper exercise, has since undergone something of an overhaul. The introduction of an automated reporting tool and mandates for continuous monitoring are aimed at moving agencies beyond data collection to risk management and ultimately, better information security. The road to streamlined FISMA requirements has its challenges, though. CYBERSCOPE In October 2009, seven years after FISMA was enacted and racked up some $40 billion in costs, Federal CIO Vivek Kundra unveiled CyberScope. The ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue