Rep. Darrell Issa, R-Calif., introduced draft legislation Friday that would reform the 2002 Federal Information System Management Act.
The Federal Information Security Amendments Act of 2012 would provide stronger oversight of federal networks, computers and other information systems by focusing on continuous monitoring of those systems, according to a news release. “FISMA had become a compliance activity, even at times when compliance appeared to supersede security.”
The draft legislation, which is open for comment, defines automated and continuous monitoring as
monitoring, with minimal human involvement, through an uninterrupted, ongoing real time, or near real-time process used to determine if the complete set of planned, required, and deployed security controls within an information system continue to be effective over time with rapidly changing information technology and threat development.
The legislation would require the agency chief information security officer to report “periodically, but no less than annually,” to the agency head about the “effectiveness of the agency information security program; information derived from automated and continuous monitoring and threat assessments.”