The confusion and uncertainty about the new Federal Information Security Management Act’s reporting tool many federal chief information officers experience may result in agencies missing a key deadline in adopting new cybersecurity reporting guidelines, according a recently published report.
Only a small number of federal IT managers have used the new CyberScope, the new FISMA online reporting portal, according to a survey of 34 federal CIOs and CISOs conducted by government IT network MeriTalk.
The study, titled “FISMA's Facelift: In the Eye of the Beholder?,” reveals while the Office of Management and Budget set Nov. 15, 2010 as the deadline for federal agencies to submit FISMA reports via CyberScope, as of July, 85 percent of federal security leaders have not use the tool.
The report also revealed an overwhelming sense of uncertainty among the CIOs and CISOs. Seventy two percent said they do not have a clear understanding of CyberScope's mission and goals, and 90 percent do not have a clear understanding of the submission requirements. Additionally, 55 percent of respondents are unsure if the new submission process will improve security oversight, and 69 percent are unsure if the new approach will result in better-protected federal networks.
“November is right around the corner and feds should realize the value in embracing this new FISMA reporting tool,“ said Tom Conway, director of federal business development at McAfee. “Cyber leaders must follow NASA's and State's best practices to capitalize on CyberScope's benefits and realize more secure networks for America. We are working diligently with our federal customers to help leverage their current large investments in security solutions to meet this new compliance mandate.“