FISMA's a fizzer, says Cisco, and calls on Congress to get cyber security policy right – pronto
2021-08-13 06:16

A senior Chief Information Security Officer advisor at Cisco has penned a commentary on the state of US cybersecurity frameworks, criticizing current government infosec and advocating for more autonomy for CISOs and a better understanding of the task at hand from those creating policies.

"After nearly two decades of federal cybersecurity and risk management as practiced under the rubric of the Federal Information Security Management Act of 2002 and the Federal Information Security Modernization Act of 2014, billions of dollars in appropriated federal cybersecurity funding have not appreciably improved the overall situation," wrote Bruce Brody.

Among other measures - like requiring agencies to budget for IT improvements and adopting government-wide cybersecurity approaches - the report recommends an update to FISMA 2014.

Brody also calls for an upgrade to FISMA 2014 and offers his brilliant recommendations for making the "Grandson of FISMA" a success.

He provides some linguistic suggestions too - like changing some wording within FISMA from "Ensure" to "Enforce" in order to give the CISO and CIOs actual authority over cybersecurity policies and those who violate them.

Brody has an axe to grind over the organizational structure within FISMA. Within the government regulation, a CISO is not even recognized, but rather referred to as a "Senior agency information security officer".


News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/13/cisco_ciso_advisor_calls_on/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749