About the Federal Information Security Modernization Act (FISMA)
Data security took another stride last week with the passing of the Federal Information Security Modernization Act (FISMA) which made it through the House and Senate without issue. It is currently on its way to the desk of the President. This was the first cyber bill of the lame-duck session.
The goal of this bill is to change the government’s approach to how it manages and responds to data breaches. It will allow the Office of Management and Budget (OMB) to authorize and set policies with regard to federal information security. It will also direct the Department of Homeland Security (DHS) to help implement and assist with those policies.
FISMA will also assist in the modernization of the federal network security laws, which are currently outdated. It will also provide the tools and authorities needed to help improve data security at federal agencies, and most importantly increase transparency and accountability when breaches occur at federal facilities.
The FISMA legislation that recently passed actually contained elements from two other bills, which had passed earlier in the year. There was some opposition to FISMA because it varied slightly from those two earlier bills, but the opposition was not enough to stop the majority from sending it through.
There is, however, a downside to the bill, at least in the eyes of legislators and the industry: FISMA still addresses only a fraction of what those two parties were hoping to achieve. Industry wanted a legal safe harbor for businesses that exchange cyber threat information with the NSA, and the private sector was calling for the standardization of federal data breach notification requirements.
Regardless of what is being said, this may be a small step, but there is no question it is a significant step in the right direction. It is one small piece of a much larger puzzle that is quickly coming together.