Policy Analysis of FISMA: How the Government Plans to Modernize Our Cybersecurity Defenses
Carter Hendrick
Old Dominion University School of Cybersecurity
CYSE 425W: Cyber Strategy and Policy
Teresa Duvall
9/15/2024
In 2002 the American government passed the Federal Information Security Management Act, now known as the Federal Information Security Modernization Act (FISMA). The new version of the policy, enacted in 2014, was a response to increased cyber-attacks on America. FISMA (2002) was enacted to bolster the foundations of the cybersecurity and IT industries in America, which had been neglected up to that point. It remains one of the best ways to keep America defended. The American military is the strongest in the world, and it is only proper that our cyber defenses are the same.
FISMA 2002 ver.
FISMA (2002) was written to assign responsibilities to certain agencies and offices in the American government that would ensure better defenses against cyber-attacks (CIO*). Specifically, every agency head must produce an annual report on their information security program and send it for review to the Office of Management and Budget (OMB). This was the best way to have multiple sets of eyes constantly checking that security programs stay in order. Without such checks, data leaks could occur that would be especially dangerous and difficult for the government to handle, particularly in 2002 when the policy was first enacted. The checklist that holds these reports to a standard was created by the National Institute of Standards and Technology (NIST) and is the main reason that information is so well regulated (CMS Information Security & Privacy Group*).
FISMA 2014 ver.
FISMA (2014) is an amended version of the original act that keeps the requirement of annual reports to the OMB. It also spells out the responsibilities of other agencies, such as the National Security Council (NSC) and the Department of Homeland Security (DHS), which can pool resources in case of cybersecurity emergencies (OMB*). The main purpose of the amended act is not only to cut down on unnecessary or redundant reports but also to focus on confidentiality, integrity, and availability (CIO*). Confidentiality means that all information is well secured and kept away from any form of vulnerability; integrity means that information stays original, with changes made to copies rather than the primary source; and availability means keeping this information accessible to those who need it to do their jobs.
FISMA Compliance
Several things must be done for an agency to be FISMA compliant, such as continuous monitoring throughout facilities, the aforementioned reports, a document listing all the controls in the security plan, and system risk categorization (CMS Information Security & Privacy Group*). Agencies take more precautions than just these; since information security is now more important than ever, these policies do a great deal to keep government data secure.
Setting up for the Future
The FISMA policy has been a staple in keeping government data secure since it was enacted in 2002 and has only grown more important since then. While it is essentially an act of monitoring and reporting, it has most likely stopped many data breaches, big and small, that would have happened without it in place. Keeping up with security equipment, programs, and even people is the only way to prevent many issues, and when a data breach does happen it is easy to look back at the reports and see why. By maintaining what is essentially a paper trail of specific security controls, the creation of countermeasures against future attacks will always be easier.
Works Cited:
* CIO. (n.d.). 2.3 Federal Information Security Modernization Act (2002). CIO.GOV. https://www.cio.gov/handbook/it-laws/fisma/
* Office of Management and Budget. (2018, October 31). Federal Information Security Modernization Act of 2014. https://www.whitehouse.gov/wp-content/uploads/2019/08/FISMA-2018-Report-FINAL-to-post.pdf
* CMS Information Security & Privacy Group. (n.d.). Federal Information Security Modernization Act (FISMA). https://security.cms.gov/learn/federal-information-security-modernization-act-fisma