Will FISMA Standards be Extended to the Private Sector to Avoid a Financial Cyber Attack?

WASHINGTON, April 1, 2011 /PRNewswire-USNewswire/ -- A little know agency, NIST, National Institute of Standards and Technology, in the Department of Commerce is toiling away at preparing standards required by FISMA (Federal Information Security Management Act)

FISMA requires NIST to "produce several key security standards and guidelines" applicable to federal computers. Fed RAMP is, and should remain, an integral element of federal security management.

The Center for Regulatory Effectiveness (CRE), a regulatory watchdog in Washington, DC, is ever mindful of the growing regulatory burden on the private sector. To this end CRE has published on its Interactive Public Docket two recent articles; one dealing with the vulnerabilities of the US financial system to cyber attacks and the other dealing with legislation which would bring key non-federal computer systems under the regulatory scope of the US government.

The articles include the following statements:

"Experienced Washington hands, such as former Homeland Security Secretary Michael Chertoff, rightly worry about insidious Stuxnet-type worms that might be insinuated into financial networks. Such worms can wreak havoc slowly and methodically by corrupting financial data without creating immediate alarm."

"Senators Joe Lieberman (I, Conn.), Susan Collins (R, Maine) and Tom Calpers (D, Del.) introduced the "Cybersecurity and Internet Freedom Act of 2011″ on Thursday. The bill is intended to "establish the essential point of coordination across the Executive branch" in the event of a crippling or catastrophic cyber attack against United States critical infrastructure, Ms. Collins said in a statement made on the floor of the Congress."

See https://www.thecre.com/fisma/?p=293

SOURCE Center for Regulatory Effectiveness