
The Federal Information Security Modernization Act of 2014

The Federal Information Security Management Act (FISMA) of 2002 was enacted to establish a framework for ensuring the effectiveness of information security controls over Federal information systems, to provide oversight of agency security programs, and to provide for the development of minimum controls required to protect those systems. FISMA gave the National Institute of Standards and Technology (NIST) the authority to develop the standards and guidelines agencies use to implement and maintain risk-based information security programs.

After twelve years, an amendment to FISMA has been signed into law: the Federal Information Security Modernization Act of 2014. The update makes several changes to FISMA that bring Federal security practice in line with current security concerns:

  • Reaffirms the oversight authority of the Director of the Office of Management and Budget (OMB), while authorizing the Secretary of the Department of Homeland Security (DHS) to administer the implementation of security policies and practices for Federal information systems. Delegates OMB’s authorities to the Director of National Intelligence (DNI) for systems operated by or on behalf of an element of the intelligence community.
  • Requires agencies to notify Congress of major security incidents within seven days. OMB is responsible for developing guidance on what constitutes a major incident.
  • Places more responsibility on agency heads for budgetary planning for security management, for ensuring that senior officials carry out their information security duties, and for holding all personnel accountable for complying with the agency information security program.
  • Refocuses reporting requirements on threats, vulnerabilities, incidents, the compliance status of systems at the time of major incidents, and data on incidents involving personally identifiable information (PII).
  • Calls for the revision of OMB Circular A-130 to eliminate inefficient or wasteful reporting.
  • Provides for the use of automated tools in agencies’ information security programs, including for periodic risk assessments, testing of security procedures, and detecting, reporting, and responding to security incidents.

These changes should result in less overall reporting, fewer “check-the-box” approaches to compliance, more accountability on agencies for compliance, and reporting that concentrates on actual security incidents. The update also strengthens the role of continuous network monitoring in maintaining a constant cycle of assessing the impact on information systems of both planned and unplanned changes.

Additional cybersecurity legislation proposals are forthcoming from President Obama to build on the progress of the current Congress. As we look ahead to what these proposals on cybersecurity information sharing, combating cybercrime, and data breach reporting will mean, it is important to evaluate current cybersecurity implementations against the new requirements of the FISMA update.

Tenable Network Security continues to provide a streamlined process for assessing vulnerabilities and discovering security issues in real time, through SecurityCenter Continuous View™, which provides a comprehensive and integrated view of network health, and Nessus®, the global standard in vulnerability detection and assessment. For more information on how Tenable products support FISMA compliance, see our FISMA solutions page.
