Editor’s Note: CRE’s comments on the CAESARS Framework Extension (2nd Draft); NIST Interagency Report 7756 are available here.
From: InformationWeek/Government
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Richard W. Walker
The primary statutory framework for defending government information systems — the Federal Information Security Management Act (FISMA) — is falling short in the battle against cyber threats and attacks, creating a compelling need for new strategies, such as continuous monitoring, to improve security at agencies, federal cybersecurity professionals say.
Only about half of the federal IT security managers polled in a survey released this week said that FISMA has improved security at their agencies. Just 27% reported that their agencies are “currently perfectly compliant” with FISMA.
The polling figures suggest that efforts to push FISMA compliance have made little headway since a March 2012 assessment conducted by the Office of Management and Budget.
While 62% of respondents in the new survey believed that increased FISMA compliance would improve security, the survey also revealed that many security managers lack overall confidence in FISMA. They said FISMA is antiquated (11%), is insufficient in dealing with today’s increasingly sophisticated threat landscape (21%), and encourages compliance rather than risk identification and assessment (28%). Moreover, 86% reported that FISMA compliance increases costs.