
Homeland Security and FISMA Updates in 2022


FISMA is one of the foundational cybersecurity documents in the U.S. government. Its passage in 2002 and subsequent update in 2014 have defined the security landscape for federal IT systems and associated contractors. 

However, a one-two punch from Congress and the President has changed things again. With recent cyber threats causing major damage to public and private resources, an Executive Order from the Office of the President, coupled with updates implemented by Congress, has shaped, directly or indirectly, the implementation of FISMA.


What is FISMA?

The Federal Information Security Management Act (FISMA) was created as part of the E-Government Act of 2002 (and further updated by the Federal Information Security Modernization Act, also abbreviated FISMA, in 2014) with the express purpose of modernizing federal systems and their inherent security. Congress recognized that entering the age of digital communication and record-keeping would require agencies and their partners to adhere to specific security requirements to protect sensitive data, classified or otherwise.

FISMA outlines a few specific and foundational practices that government agencies and contractors should follow for compliance. These include:

There are additional regulations governing IT systems in areas like government-partnered cloud platforms and defense supply chain contracting. Still, for the most part, federal IT regulations will call back to FISMA as their basis. 


What Changed for FISMA in 2021?

In 2021, the Senate Homeland Security and Governmental Affairs Committee approved an overhaul of FISMA to update contractor and agency reporting requirements.

The 2021 update dictated a few changes to the law, namely, 

These updates are intended to shore up some of the gaps in the law concerning the fast-moving and pervasive challenges facing administrators and security experts and create transparency between the government and the private sector. 


What Is in Store for FISMA in 2022?

On December 6, 2021, the Deputy Director of Management for the Office of the President released a memo, “Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements.” This memo outlined several deadlines and reporting requirements for government agencies for the upcoming fiscal year. 

Some of these requirements include the following line items:

This memo also defines how CISA and the OMB will approach reporting and metrics and defines governing agencies involved in U.S. cybersecurity discussions. 


The Upcoming Evolution of Cybersecurity in the U.S.

With the release of EO 14028, most individuals and organizations familiar with national cybersecurity and defense understood that changes were on the way. As it stands, those changes are arriving as promised: streamlined security across government and the private sector, zero trust architecture, and new reporting and auditing standards.

Like many regulatory changes, the main burden enterprises will face is updating their infrastructure and their auditing processes. With risk management and automation becoming the norm rather than the exception, it is time for businesses to think about what it means to move from manual auditing to rapid, accurate audit automation.


Are You Ready to Automate Assessments and Prepare for New Cybersecurity Regulations?

Call Lazarus Alliance at 1-888-896-7580 or fill in this form. 
