The White House has announced an initiative that will make it mandatory for federal agencies to report compliance with cybersecurity regulations. This will be accomplished through a new software tool which will be released this month in a test version. The tool will collect information that is required under the Federal Information Security Management Act.
Required information includes an inventory of systems, assessments of system sensitivity, description of security methods and tools utilized to achieve those ends. Lastly, the Act requires an update on reduction of agency holding of personally identifiable information.
Vivek Kundra, federal CIO said, “The purpose behind the tool is to move away from paperwork submission to a more analytical platform that would allow us to see how agencies are performing, what we should focus on, and to improve the ability for US-CERT to monitor performance across the federal government.”
Kundra added, the Office of Management and Budget are collaborating with federal chief information security officers to ensure the reporting produces quantitative and qualitative measures on the effectiveness and reach of agency security efforts.
The introduction of the tool has not changed the requirements but will automate the process. FISMA reports are due in September, but as the tool is not yet available the deadline is extended to November 18.