Government IT Leaders Not Keen on FISMA
Although FISMA is designed to aid agencies in addressing various threats, survey results indicated it might be doing more harm than good.
Federal cyber-security professionals lack confidence in the Federal Information Security Management Act (FISMA), and do not believe their agencies’ current cyber-security solutions are sufficient and sustainable, according to a survey by MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
In the past 12 months, agencies defended against insider threats or leaks (64 percent), non-state actors (60 percent) and state-sponsored threats (48 percent). Given the growing number and increasing sophistication of the attacks, just one in five (22 percent) cyber-security professionals rate their agency’s cyber-security solutions as sufficient and sustainable.
Although FISMA is designed to aid agencies in addressing these threats, survey results indicated it might be doing more harm than good. Just 53 percent of federal cyber-security professionals say FISMA has improved security at their agency, while 86 percent report that FISMA compliance increases costs.
As a result of security challenges, just 40 percent of cyber-security professionals are confident in their agency’s security. Those confident in their agency’s security are more likely to say their agency has an adequate budget (83 percent), their users are compliant with cyber-security policies (80 percent), and their cyber-security department can identify and implement new cyber-security technology effectively (91 percent).
"FISMA’s compliance model is not keeping up with the evolving security landscape or the security demands," Mark Weber, president of NetApp’s U.S. Public Sector, said in a statement. "There is a shift in the industry from compliance to continuous monitoring, and a vast number of new technologies exist to support this change. Our federal cyber-professionals should be given the resources, regulation and management support to take advantage of these technologies to help thwart cyber-security attacks."