May 11, 2009

New information security bill to replace FISMA

There's yet another cyber security bill introduced in the US Senate; this one is called the 2009 U.S. Information and Communications Enhancement Act. While the others affect both government and private industry, this one aims to strengthen information security within government offices.

It's an update to FISMA, which has long been criticized for not requiring agencies to demonstrate compliance. This bill focuses more on measuring actual security rather than on report writing, which is FISMA's focus. It requires the Commerce Department to establish standards for securing government systems. It takes information security management away from the DOD and NSA and limits DHS' role to incident response and the defenses provided by US CERT. I'm not sure I agree with that, as there are some talented folks at DHS and US CERT.

You can read the whole bill here
