The Federal Information Security Modernization Act, passed this month, brings cybersecurity into the 21st century and changes the rules of the road for Federal employees in IT. Five ways the new legislation will affect your job:
- Fewer paper trails
Updating the Federal Information Security Management Act (FISMA), which Politico describes as “a checklist-driven process that mainly fills binders with paperwork at great cost,” means agencies will replace arduous annual checklists with continuous systems monitoring to assure proper security measures.
- Every data breach must be reported
With the new FISMA, agencies must now report information breaches on Federal systems to Congress. Greater oversight attention will compel organizations to better understand breaches and make it harder to sweep them under the rug.
- New reforms can come at a faster pace
With FISMA, OMB and the White House won’t need to act in a piecemeal fashion to grant DHS the authority to assure the security of Federal civilian agencies. The reform will retain the White House and OMB’s overall jurisdiction over Federal government IT security.
This allows for sweeping changes that could disrupt agency operations more rapidly than in past years.
- Greater autonomy, adaptability
This is not one-size-fits-all legislation. Lawmakers recognized “that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products,” notes Nextgov.
This allows agencies the independence to use their resources at their own discretion, without approval from additional oversight.
- Agencies will carry a heavier burden
“It forces them to act rather than just to sit on their heinies,” Alan Paller, founder of the SANS Institute, who has long pushed for a change to FISMA, told Politico.