Cyber security report reveals Feds’ take on FISMA 2.0
A new study examines Federal CIO and CISO perceptions and usage experiences for CyberScope, the new Federal Information Security Management Act’s (FISMA) online reporting portal. The Obama administration created CyberScope to streamline the reporting process, enhance analysis, and importantly, reduce the $2.3 billion Feds spend annually on compliance.
The report, underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, reveals that while the Office of Management and Budget (OMB) established November 15, 2010 as the deadline for Federal agencies to submit FISMA reports via CyberScope, as of July 85 percent of Fed security leaders have not utilized the tool. That said, of those who have used CyberScope, 100 percent give the tool an “A” or “B” grade.
While this small number of Fed users award CyberScope high marks, those who have not used the tool are not confident that it will meet its ultimate goals of cost savings and increased security.
Of CIOs and CISOs that have not used CyberScope, findings include:
Uncertainty abounds: 72 percent assert that they do not have a clear understanding of CyberScope’s mission and goals and 90 percent do not have a clear understanding of the submission requirements.
Security skepticism: 55 percent of respondents are unsure if the new submission process will improve security oversight. Additionally, 69 percent are unsure if the new approach will result in more secure Federal networks.
Cost savings unlikely: 55 percent state that CyberScope’s changes will increase submission costs.
The study shows that OMB must increase communication, clarify submission requirements, and provide training for the reporting protocol shift in order to achieve CyberScope’s goals of enhanced oversight and reporting simplification. In addition, OMB needs to leverage early-adopter case studies to communicate track-record success and exemplify the tool’s benefits and results to the 85 percent of Feds that have not yet used CyberScope.