Federal Chief Information Officer Vivek Kundra recently unveiled the new Federal Information Security Management Act (FISMA) guidance, which aims to use “real-time electronic data that feed directly and immediately into security monitoring and alert systems.”
In a blog post, Kundra writes, “This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks. The new approach is the result of many months of work by an interagency task force that reached out not only to agency officials but also to the private sector. The group identified best practices and innovative approaches that will make our cybersecurity efforts more effective and efficient.”
Previously, government agencies were forced to spend significant time and capital on producing paper-based reports.
“The State Department alone, in the past six years, spent $133 million amassing 95,000 pages of security documentation for about 150 major IT systems. This works out to roughly $1,400 per page in reports that were often outdated days within being published,” Kundra writes.
The ultimate goal of moving away from the paper-based system is to implement solutions that enhance security, rather than focus on generating paperwork.
“In order for the government to focus on the necessary automation and continuous monitoring of the security status of all systems, the Department of Homeland Security (DHS) will provide operational support to all federal agencies,” Kundra writes. “DHS will monitor and report agency progress to ensure the effective implementation of this guidance.”
Kundra also highlighted the need for collaboration in the cybersecurity arena, and he believes that the groundwork being laid now will yield security dividends in the future.
“A secure, trusted computing environment in the federal government is the responsibility of everyone involved. It requires employees, contractors, and the American people working together to create a culture of vigilance and security so we can efficiently leverage the power of technology while respecting the privacy and civil liberties of the American people,” he writes.