The UNIX and Linux Forums  


05-08-2009
iBot
Is U.S. ICE the New FISMA?

The United States Information and Communications Enhancement Act of 2009 (U.S. ICE Act of 2009) was introduced to the Senate on April 28, 2009.  This bill, if successfully passed, would overhaul the provisions currently in FISMA and seek to strengthen information security in the federal government. 

 

Link to full text: http://www.govtrack.us/congress/billtext.xpd?bill=s111-921

 

As quoted by Sen. Tom Carper (D.-Del):

“Instead of agencies wasting precious resources producing security plans that are outdated as soon as they are printed, my bill requires agencies to continuously monitor their networks for cyber intrusions and malicious activities, take steps to address their vulnerabilities, and then regularly test whether the steps they are taking to secure their networks are effective.”

 

Although the bill as written would improve upon the current FISMA Act of 2002, the bill should be evaluated carefully by the assigned Committee to address how the new requirements can be integrated effectively into the federal government, which has been trying to build processes to meet and measure compliance under FISMA.

 

Additionally, the bill introduced necessary steps that should be taken to adjust the focus of security from compliance as a “paper exercise” to compliance as a “security exercise”. By adding scope for the wider adoption of standardized security configurations, the government would expand upon the Federal Desktop Core Configuration (FDCC) to require commercial-off-the-shelf (COTS) products and services to be standardized, including using products and services with secure baseline configurations consistent with standards and guidelines developed by NIST. This raises the importance of the Security Content Automation Protocol (http://scap.nist.gov/index.html), which has slowly been taking shape, and hopefully would enable agencies to more effectively assess their security configuration on a regular basis. This would also enable federal agencies to improve their compliance with known security baselines, currently only possible with FDCC.

 

Another important function of the US ICE that should not be overlooked is the restructuring of the leadership within the federal government to raise the level of importance of IT security to the White House (National Office of Cyberspace). The Office of Management and Budget (OMB), E-gov Administrator (previously Karen Evans) has been the face of FISMA since its inception. However, as noted in the bill, “the information infrastructure of the United States is a strategic national resource vital to our democracy, economy, and security.” Any American would probably agree that the Internet is a critical and key resource. But beyond the basis of connecting people and enabling national and international communications, the infrastructure supporting the Internet expands beyond a web browser and the web servers. The interconnection of our infrastructure supports every facet of every American’s life, from healthcare to the stock market. Our reliance on the information infrastructure should require the federal government to ensure this infrastructure is managed at the highest levels within the government. The current organizational leadership does not have the authority to make the necessary changes within many agencies, which should be changed to ensure Chief Information Security Officers (CISOs), whether at the department level or within an individual government program, are given the ability to effectively execute their roles to ensure the information and information systems are protected (commensurate with the risk).

 

I look forward to following this new legislation, and the roadmap that will follow. Ideally, the work being done under the current FISMA should be reused and any processes that would be added or changed should be phased into the current security landscape carefully to ensure those that must implement ICE (i.e., IT Security Officers, Security Managers, Business Unit Executives and Managers, etc.) within their organization fully understand the changes and how to apply them.



