Feds Unlikely To Meet Cybersecurity Compliance Deadline
A Nov. 15 date for federal cybersecurity managers to start using the new CyberScope online reporting tool will be missed by many, as 85% have yet to use the new software.
Slideshow: Next Generation Defense Technologies
|(click for larger image and for full photo gallery)|
CyberScope is an automated, interactive reporting portal to support the compliance reporting requirements of the Federal Information Security Management Act. FISMA reporting has long been seen as too arduous and too far removed from operational cybersecurity metrics, but with CyberScope, the government hopes to move toward real-time or continuous monitoring of compliance.
More Government Insights
- The Untapped Potential of Mobile Apps for Commercial Customers
- Strengthening Security Protocols for Teleworking Employees
- Forrester Whitepaper: IT Operations Managers Must Rethink Their Approach to Private Cloud
- Edge Virtual Server Infrastructure
- Research: Federal Government Cybersecurity Survey
- Strategy: Cybersecurity: Continuous Monitoring Action Plan
However, a survey by MeriTalk on behalf of several cybersecurity and IT vendors, including ArcSight, Brocade, Guidance Software, McAfee, Netezza, and ImmixGroup, suggests that many federal agencies and IT leaders are not ready for the shift.
In all, only 15% of the high-ranking government IT officials who were surveyed as part of the study in July said they had used CyberScope. While those who had used the tool rated it with an "A" or "B" grade, the rest largely say they don't understand CyberScope's goals and submission requirements.
These findings come despite the fact that CyberScope was introduced in October 2009, that the Department of Homeland Security has been offering CyberScope training, and that top officials like federal CIO Vivek Kundra have repeatedly discussed CyberScope's value in addressing concerns about FISMA.
"November is right around the corner and Feds should realize the value in embracing this new FISMA reporting tool," Tom Conway, director of federal business development at McAfee, said in a statement. "We are working diligently with our federal customers to help leverage their current large investments in security solutions to meet this new compliance mandate."
Of the 85% of survey respondents who hadn't used the tool, 90% don't have a clear understanding of submission requirements, 72% don't clearly understand CyberScope's mission and goals, 69% aren't sure the new approach will result in more secure systems, and 55% believe FISMA reporting costs will actually increase due to CyberScope.
Earlier this year, Sen. Tom Carper, D-Del., estimated that FISMA's certification and accreditation process costs the government $1.3 billion annually, with auditing adding another $1 billion. Overall, since 2002, Carper said, the feds have spent more than $40 million on FISMA implementation.
Eventually, the administration wants federal agencies to be able to automatically feed information into the CyberScope tool without the need for manual data entry, but for now, many agencies will save their compliance information via a spreadsheet template and then upload it to CyberScope.
Blade servers are coming into their own, especially as part of virtualization projects. Also in this new, all-digital InformationWeek supplement: Want really cool blades? Total liquid submersion systems deliver. Download the supplement here (registration required).