[ISN] New FISMA bill gets committee OK

From: InfoSec News <alerts_at_private>
Date: Thu, 25 Sep 2008 00:26:20 -0500 (CDT)
http://www.gcn.com/online/vol1_no1/47205-1.html

By William Jackson
GCN.com
09/24/08 

The Senate Homeland Security and Government Affairs Committee yesterday 
approved a Senate bill that would update the Federal Information 
Security Management Act.

S. 3474, The FISMA Act of 2008, was introduced Sept. 11 by Sen. Tom 
Carper (D-Del.) to address concerns that FISMA compliance had become a 
paperwork drill without ensuring improved IT security. The bill would 
require annual security audits by agencies and would give chief 
information security officers broader authority to enforce FISMA 
requirements.

FISMA is the primary law governing federal IT security, requiring 
risk-based security controls for non-national-security information 
systems and the certification and accreditation of systems. Carper's 
bill would focus on ensuring that controls provide adequate security, 
replacing current FISMA evaluations with formal annual audits and 
requiring the appointment of chief information security officers in each 
civilian agency with authority to enforce FISMA compliance. The bill 
also would establish a CISO Council directed by the National Cyber 
Security Center and require the Homeland Security Department to conduct 
regular red team penetration tests against networks.

Adequate IT security also would be required on all contractor networks, 
and the Office of Management and Budget would establish contract 
language on IT security reflecting these requirements.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Wed Sep 24 2008 - 22:26:20 PDT

This archive was generated by hypermail 2.2.0 : Wed Sep 24 2008 - 22:34:02 PDT