Cybereye—commentary: Beyond FISMA  

Resources for Federal Information Security Management Act (FISMA)


www.gcn.com

A Senate subcommittee came to an unsurprising conclusion earlier this month about the Federal Information Security Management Act: FISMA compliance does not equal security.

The Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee held a hearing to wrestle with the question of why we continue to see data losses and breaches of federal information technology systems at the same time that metrics for FISMA compliance are improving.

Tim Bennett, president of the Cyber Security Business Alliance, pointed out the obvious: “FISMA does not tell the whole story when it comes to agencies’ information security practices. Nowhere is an agency’s ability to detect and respond to intrusions measured in FISMA.”

This doesn’t mean FISMA, imperfect as it might be, is at fault. The 2002 act is merely a tool, requiring a set of practices that can be used to improve information security.




Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.