WASHINGTON, DC – Rep. Darrell Issa, R-Calif., chairman of the House Oversight and Government Reform Committee, and Oversight and Government Reform Committee Ranking Minority Member Rep. Elijah Cummings, D-Md., yesterday introduced the Federal Information Security Amendments Act of 2012 (HR 4257). This legislation enhances the Federal Information Security Management Act (FISMA) of 2002 by improving the framework for ensuring security over information technology systems that support the federal government. It establishes a mechanism for stronger oversight through a focus on automated and continuous monitoring of cybersecurity threats and the implementation of regular threat assessments.
“This bill is the result of a bipartisan collaborative effort with public and private sector partners to solve our nation’s information security crisis,” said Chairman Issa. “Congress understands that some of our country’s greatest security threats come from cyber attacks. FISMA had become a compliance activity, even at times when compliance appeared to supersede security.”
“Last week, the head of U.S. Cyber Command, General Alexander, testified that securing our nation against cyber threats is one of our biggest national security challenges,” said Ranking Member Cummings. “This bipartisan legislation will ensure that federal agencies use a risk-based approach to defend against cyber attacks and protect government information from being compromised by our adversaries.”
Federal agencies are currently struggling with cybersecurity threats. This update to FISMA will incorporate the last decade of technological innovation while also addressing FISMA shortcomings realized over the past years.
The bill in its draft form was released on www.KeepTheWebOpen.com last Friday, allowing the public to view the legislation, suggest changes, and vote on the changes suggested by others. Chairman Issa will continue to take input through the MADISON platform on the site as the bill moves forward.
FISMA 2012 is the product of years of House Oversight Committee fact-finding and close consultation with key stakeholders on the front lines of government and private-sector cybersecurity efforts – including public full committee and subcommittee hearings.