
Report to Congress details FISMA compliance progress

  • Posted on: April 25, 2012
  • Posted in: Compliance & Regulations
  • Posted by: Trend Micro

The Federal Information Security Management Act of 2002 (FISMA) came at a time when government officials were first making the connection between digital technologies and the economic and national security interests of the United States. Ten years later, a new report from the Office of Management and Budget (OMB) has revealed that several agencies have actually begun to regress in their quest to achieve full compliance with the law.

The inspectors general of 24 large federal agencies were asked to complete a comprehensive assessment of their current FISMA compliance progress across 11 categories ranging from data security training and remote access management to incident reporting and contingency planning.

The findings indicated that just seven of the 24 agencies surveyed have achieved greater than 90 percent compliance with FISMA protocol, with the average across all agencies standing at 72.8 percent.

There were several success stories, as more than one-third of offices surveyed were able to boost compliance compared with last year's report. NASA, for example, gained a remarkable 32.1 percentage points. However, nearly half of those surveyed indicated that their FISMA compliance standing had regressed in the past 12 months. The U.S. Agency for International Development (USAID) experienced a drop of 36.6 percentage points, showing just how quickly the data protection landscape can evolve.

The Department of Justice, Department of Homeland Security and Social Security Administration were among the top performers, while other critical institutions such as the Department of Veterans Affairs, Department of Health and Human Services and Department of Transportation all garnered failing grades. One notable absence from the report was the Department of Defense, which, for the second consecutive year, was unable to provide answers containing the requisite level of detail.

Aside from ensuring the integrity and security of information related to their own operations, most public sector organizations are also trusted with sensitive data of private citizens. And as internal breaches and outsider threats such as hacktivist plots continue to threaten the privileged status of these records, the section on data privacy contained in the OMB report has received additional inspection.

"Ensuring the privacy of personal information for all Americans remains a top administration priority, especially as federal agencies leverage emerging technologies such as cloud computing, mobile computing devices and social media," report authors explained. "The privacy implications in the use of these technologies must be considered, and agencies should collaborate on solutions and best practices to mitigate privacy risks."

Despite a marked increase in the number of systems governed by compliance regulations, most agencies improved their data privacy standing in the past 12 months. All but one agency now has a written policy for conducting a Privacy Impact Assessment (PIA), a procedure which addresses such issues as determining what types of record merit analysis, evaluating the implications of evolutions in technology or business practices and facilitating public disclosure of report findings.

Moving forward, the OMB suggests that agencies should remain focused on delivering data security improvements by developing and using quantifiable metrics, repeatable processes and interoperable solutions to minimize technical barriers to implementation.

There will also be an increased emphasis on cost-efficiency, according to the report, as several agencies are slated to receive significant additions to their cybersecurity research and development budgets. One specific goal is the adoption and implementation of continuous monitoring solutions across all agencies to enable real-time analysis and response and contribute accurate, actionable information to collaborative efforts.

Security News from SimplySecurity.com by Trend Micro
