Federal Chief Information Security Officer (CISO) Chris DeRusha today offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May. […]
The Small Business Administration (SBA) Office of the Inspector General (OIG) said in its newly released annual Federal Information Security Modernization Act (FISMA) report for Fiscal Year 2020 that SBA’s information security was “not effective” last year due in part to the COVID-19 pandemic. […]
House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y., and several chairs of the panel’s key subcommittees today asked inspectors general (IGs) from ten Federal agencies for assessments of any cybersecurity vulnerabilities that were created or worsened by the use of telework systems during the coronavirus pandemic, and whether any such vulnerabilities have been mitigated. […]
Federal Chief Information Security Officer Chris DeRusha explained today that the foundational elements of the Continuous Diagnostics and Mitigation (CDM) program are fundamental to moving Federal government network security to zero trust concepts and that implementation of the program only becomes more important as cyber threats increase. […]
The chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee said today they are interested in changing the Federal Information Security Management Act (FISMA) to make sure that Congress gets timely notifications about major cyberattacks that have a national impact. […]
The Department of Agriculture’s (USDA) Office of the Assistant Secretary for Civil Rights (OASCR) is looking for a new cloud-based Equal Employment Opportunity (EEO) complaint tracking system. […]
A bill introduced on Dec. 11 by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, would require Federal agencies to report to Congress within seven days about any cyber attacks they have faced that would cause significant harm to national security or agency operations. […]
The Office of Personnel Management’s (OPM’s) cybersecurity fell under scrutiny in two audits by the agency’s inspector general, with both identifying issues in OPM’s controls and security practices. […]
The Federal Labor Relations Authority (FLRA) scored well on its fiscal year 2020 Federal Information Security Modernization Act (FISMA) audit, with only four areas noted as weaknesses and no carry-over weaknesses from prior year audits. […]
The Office of the Inspector General (OIG) at NASA blamed the lack of information security programs, missing contingency plans, and ineffective IT security handbooks for the agency’s Federal Information Security Modernization (FISMA) Act shortcomings in Fiscal Year 2019. […]
Federal agencies got better at fending off cyberattacks and improving their overall cybersecurity posture last year, according to the Fiscal Year 2019 Federal Information Security Modernization Act (FISMA) Annual Report to Congress. […]
The Small Business Administration (SBA) resolved 11 recommendations for improvement after the agency’s Office of the Inspector General (OIG) determined that SBA’s information security procedures did not, overall, meet Federal Information Security Modernization Act (FISMA) reporting metrics, the OIG said. […]
While the Department of Homeland Security has been effective in strengthening Federal cybersecurity generally, the agency needs to push harder on agencies to follow through on its security directives, the Government Accountability Office said in a new report. […]
The General Services Administration (GSA) Office of Inspector General (OIG) reported three weaknesses in GSA’s Federal Information Security Management Act (FISMA) compliance for Fiscal Year 2019 in a report dated Dec. 5, 2019, but released on Jan. 30. […]
The Department of Housing and Urban Development (HUD) is missing the mark on records management and privacy requirements to the tune of more than one billion records that contain personally identifiable information (PII), the agency’s Inspector General (IG) said in a recent report. […]
While the Department of Labor (DOL) has consistently complied with Federal Information Security Management Act (FISMA) standards, the Office of the Inspector General (OIG) reported on Dec. 23 that the agency’s information security program is, overall, ineffective. […]
The Election Assistance Commission generally complies with Federal Information Security Management Act (FISMA) requirements, but the policies in place are not enough to protect agency information, according to a Jan. 2 report released by the EAC Office of the Inspector General (OIG). […]
For the first time in the history of the House Oversight and Reform Committee’s FITARA Scorecard, three agencies received “A” grades and set the bar higher for the 24 CFO Act agencies going forward into 2020. […]
The Office of Personnel Management (OPM) made progress during Fiscal Year 2019 on cybersecurity issues, and closed eight prior recommendations from its Office of Inspector General (IG) during the year, according to the IG’s 2019 Federal Information Security Modernization Act (FISMA) audit. […]
A FISMA audit found problems with both phishing and data exfiltration at the Social Security Administration (SSA), according to two report summaries released December 4 by the agency’s inspector general. […]
In a new semiannual report, the Intelligence Community Inspector General (ICIG) within the Office of the Director of National Intelligence (ODNI) says that ODNI must upgrade cybersecurity controls going forward to improve management and risk mitigation of trusted privileged users inappropriately accessing, modifying, destroying, or exfiltrating classified data. […]
The General Services Administration (GSA) made strides in IT transformation throughout Fiscal Year 2019 and plans to continue to prioritize modernization in FY2020, according to its FY2019 Agency Financial Report released on Nov. 21. […]
The Office of Management and Budget released its updated guidance for complying with the Federal Information Security Modernization Act of 2014 (FISMA), setting the timeline for Federal agencies to assess their cybersecurity posture. […]
The Consumer Financial Protection Bureau (CFPB) performed well on its fiscal year 2019 FISMA audit, reaching a Level 4 and meeting the threshold for effectiveness, according to a report released October 31 by CFPB’s inspector general. […]
The Treasury Department received mixed results on its fiscal year 2019 FISMA audit, with few weak spots identified but still falling below the level of effective, according to the audit released October 25 by the department’s inspector general. […]
The Federal Labor Relations Authority (FLRA) continues to meet Federal Information Security Modernization Act (FISMA) requirements with few areas of concern, according to a report by the FLRA Office of the Inspector General (OIG) released on Oct. 30. […]
A report by the U.S. Consumer Product Safety Commission’s (CPSC) Office of Inspector General (OIG) found that CPSC is making progress in implementing Federal Information Security Modernization Act (FISMA) requirements, but still have more work to do in that area. […]
According to an Office of Inspector General (OIG) Pension Benefit Guaranty Corporation (PBGC) report, the PBGC’s overall cybersecurity performance independent assessment rating is “not effective.” […]
The Small Business Administration’s (SBA) Office of the CIO (OCIO) has made improvements in its IT controls deployment, according to a recent Office of the Inspector General (OIG) report. […]
The Department of Energy (DoE) had weaknesses that held the department back from effectively managing cybersecurity on its IT systems, according to a summary of DoE’s FISMA (Federal Information Security Modernization Act) audit released September 27 by the department’s inspector general. […]