“Federal Chief Information Security Officer (CISO) Chris DeRusha today offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May…”
“DeRusha made no hard-and-fast recommendations for reform but talked about two areas he’d like to see Congress focus on.
The first of those, he said, involves testing and validating security arrangements, rather than relying on “self-attestation” by agencies. That would involve agencies moving ‘in a path toward more rigorous application of security testing’ through red and blue-team exercises and penetration testing, and building out vulnerability disclosure programs, he said…”
“The second area he suggested was increasing security automation.
‘This is a continual push that we’ve been on a path for over a decade of using continuous monitoring tools, and using that standardized data to improve awareness, reduce costs,’ and boost the quality of security reporting, he said…”
Source: Federal CISO DeRusha Maps FISMA Reform Priorities – By John Curran, July 21, 2021. MeriTalk.