House lawmakers introduce FISMA modernization legislation
House lawmakers have introduced new legislation that would clarify federal cybersecurity roles, improve shared services and advance a risk-based cybersecurity posture under the Federal Information Security Management Act (FISMA).
The proposed law, introduced by House Committee on Oversight and Reform Chairwoman Rep. Carolyn Maloney, D-N.Y., and ranking member Rep. James Comer, R-Ky., would update FISMA for the first time since 2014.
Included in the new measures is language that would clarify the Office of Management and Budget's roles and responsibilities for cybersecurity policy development and oversight. It would also assign operational coordination responsibilities to the Cybersecurity and Infrastructure Security Agency (CISA) and overall responsibility for cybersecurity strategy to the National Cyber Director.
Section 2010 of the new legislation includes a proposal that would extend the Chief Data Officers Council. If this provision is not enacted, the council is set to end in 2025.
If it passes into law, the updated FISMA legislation would also modernize and streamline reporting requirements for federal agencies, in particular through the use of automation, and require all departments to keep inventories of all internet-accessible IT systems and assets.
Maloney said the proposed legislation ensures “that federal agencies can keep pace with the challenges of the constantly evolving cyber frontier.”
“Nation-state adversaries like Russia and China, as well as other threat actors, present a constant danger,” she said in a statement. “The Federal Information Security Modernization Act of 2022 elevates our federal cyber defenses to the next level, taking a cutting-edge and strategic approach to ensure federal IT systems can better prepare for and respond to today’s cyber challenges.”
Comer added: “The federal government maintains extensive public records containing sensitive information on all Americans and businesses. Recent cyberattacks make it clear we need a modern update to the federal government’s cybersecurity practices to better protect against, quickly fix, and deter future damaging digital intrusions that can harm our economy and impact Americans’ daily lives.”