http://www.gcn.com/online/vol1_no1/47205-1.html

By William Jackson
GCN.com
09/24/08

The Senate Homeland Security and Government Affairs Committee yesterday approved a Senate bill that would update the Federal Information Security Management Act.

S. 3474, The FISMA Act of 2008, was introduced Sept. 11 by Sen. Tom Carper (D-Del.) to address concerns that FISMA compliance had become a paperwork drill without ensuring improved IT security. The bill would require annual security audits by agencies and would give chief information security officers broader authority to enforce FISMA requirements.

FISMA is the primary law governing federal IT security, requiring risk-based security controls for non-national-security information systems and the certification and accreditation of systems. Carper's bill would focus on ensuring that controls provide adequate security, replacing current FISMA evaluations with formal annual audits and requiring the appointment of chief information security officers in each civilian agency with authority to enforce FISMA compliance.

The bill also would establish a CISO Council directed by the National Cyber Security Center and require the Homeland Security Department to conduct regular red team penetration tests against networks. Adequate IT security also would be required on all contractor networks, and the Office of Management and Budget would establish contract language on IT security reflecting these requirements.

[...]

Received on Wed Sep 24 2008 - 22:26:20 PDT