FISMA Insecurity – Part II

(This blog has been re-posted from Steve O’Keeffe and MeriTalk with permission.)

I attended an all-boys high school. At 16, we had no idea how to talk to women. It seems OMB is tongue-tied too when it comes to FISMA reform, CyberScope, and chatting up CIOs and CISOs. As the deadline for all agencies to use CyberScope for FISMA reporting looms – November 15, 2010 – it looks like OMB is in serious danger of going to the prom alone.

A new MeriTalk study – FISMA's Facelift – reports that as of July 2010, 85 percent of Federal IT security leaders have yet to go on a first date with CyberScope. If beauty is only skin deep, let’s dig beneath the surface. Of the 85 percent “CyberScope virgins,” 72 percent don’t understand CyberScope’s mission and goals – and 90 percent don’t know how to get lucky – they’re unclear on the submission requirements. 55 percent question CyberScope’s economic benefits – asserting it will increase cost. Most damaging, Feds don’t see the value of courting. 55 percent don’t believe CyberScope will improve security oversight and 69 percent are unsure if the new approach will improve Uncle Sam’s cyber security.

Now, if I were OMB, I’d be feeling pretty insecure about a new approach that was sold as a way to reduce C&A cost and improve outcomes at the October 29, 2009 Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security Hearing. But, the study is not all bad news – no reason to resign CyberScope to living with his mother until middle age quite yet. You see, the 15 percent of Federal cyber execs in the study who have used CyberScope can’t say enough good things about the portal. 100 percent of them give CyberScope an A or B grade – and they’re all bullish about its ability to reduce cost, enhance oversight, and improve security outcomes.

From Cyrano De Bergerac to Billy Joel, there’s ample evidence that to win in romance, we need to “tell her about it.” OMB owns a golden opportunity to change the economics and outcomes associated with FISMA – too long the ugly duckling of Federal IT. Like a teen looking for love in today’s connected world, Mr. Kundra must work his network to win – get the CIOs and CISOs that know, like, and value CyberScope to run their mouths. Perhaps OMB has too many balls in the air to listen to and really engage with its most important audience – the agencies? Time is short before the CyberScope deadline. Let’s hope that romance is in the air.

That’s two in a row on FISMA issues and OMB. Time to give it a break. I’m sure that Mr. Kundra could give me a pointer or two about how to speak with women. As ever, we invite you to join in the dialogue – share your opinion, tell them I'm still a windbag.