After a potential setback late last week, Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, are still looking to attach their legislation to reform the Federal Information Security Modernization Act (FISMA) to the Senate’s fiscal year (FY) 2022 National Defense Authorization Act (NDAA), which is making its way through the chamber, a Senate Homeland Security and Governmental Affairs Committee staffer told MeriTalk.
The FISMA reform legislation was not included in the amendment in the form of a substitute from Senate Armed Services Committee Chairman Jack Reed, D-R.I., on which the chamber will hold a cloture vote when it returns Nov. 29.
However, Sens. Peters and Portman, the chair and ranking member of the Senate Homeland Security and Governmental Affairs Committee, respectively, have filed the bill as part of S.Amdt.4799, which is an amendment to Reed’s amendment in the nature of a substitute. “We are still hoping to add it to the NDAA,” the staffer told MeriTalk.
FISMA was initially enacted in 2014, and in the seven years since, the way the Federal government accounts for and is accountable for cybersecurity has changed vastly. Since FISMA was first enacted, the Federal government has created the Cybersecurity and Infrastructure Security Agency (CISA) and the position and office of the National Cyber Director, Chris Inglis, and plenty of other changes to the Federal information security landscape have occurred as well.
The amendment from Peters and Portman looks to codify those changes in responsibilities and capabilities into law as part of a broad effort to modernize and update Federal government cybersecurity practices. Among other things, the bill would:
- Put CISA more firmly in the driver’s seat for Federal civilian agency security;
- Wrap the National Cyber Director and the Office of Management and Budget (OMB) more tightly into cybersecurity policy-setting;
- Ensure more timely delivery to key congressional committees of details about major cyberattacks;
- Codify into Federal law some aspects of President Biden’s cybersecurity executive order issued in May; and
- Put into motion penetration testing of Federal civilian networks – a provision that won the endorsement of Federal CISO Chris DeRusha in several of his recent cybersecurity policy speeches.
FISMA reform is just one of a few consequential cybersecurity bills that lawmakers are looking to add to the FY2022 NDAA. Senators are also looking to add cyber incident reporting legislation to the defense spending bill. The annual defense bill has become a popular home for cyber updates and recommendations from the National Cyberspace Solarium Commission.