When it comes to enhancing their cybersecurity postures, federal agencies have to wade through an entire alphabet soup of regulatory compliance guidelines. From the RMF (Risk Management Framework) to FISMA (Federal Information Security Management Act) and DISA STIGs (Defense Information Systems Agency Security Technical Implantation Guides), there are a number of requirements that agencies must implement to satisfy the government’s definition of a secure environment.
On February 27, FISMA presented its annual report to Congress. The report (compiled by the OMB) provides metrics on federal cybersecurity incidents, efforts to mitigate them, and progress in implementing cybersecurity policies and programs.
The good news is that there is progress to report, with nearly 70,000 information security issues reported in FY’ 2014, up 15% over the previous year – there is still work to be done.
Data breaches are an unfortunate fact of life for government agencies – Edward Snowden being the most infamous case. And although agencies have taken steps to protect themselves, the growing number of breaches continues to frustrate IT and legislators alike.
All too often, federal IT personnel misconstrue software as being able to make their agency compliant with various regulations. It can’t – at least not by itself.