FISMA Author on FISMA Reform
Tom Davis, the retired Virginia Republican who once headed the House committee charged with federal IT oversight, says the 7-year-old Federal Information Security Management Act needs to be taken to the next level to assure government IT systems are secure.
Davis, director of Federal Government Services at the consultancy Deloitte, spoke with my colleague Linda McGlasson, managing editor at GovInfoSecurity.com's sister site BankInfoSecurity.com, at the recent Payment Card Industry Security Standards Council community meeting in Las Vegas, where he delivered a keynote address. Here's the part of Linda's interview with Davis that addressed FISMA, which Davis authored.
McGLASSON: You will be giving some testimony next month on FISMA. A flavor of what some of that testimony might cover?
DAVIS: Well, I think it is time to take FISMA to the next level, and I will have some suggestions to talk about what they might want to do on that. One of the difficulties from FISMA at the outset was that the agencies get their report card and they sign their certifications each year in terms of where they are, but there is no punishment or reward. And the authorizers who write this stuff are so disjointed from the appropriators in Congress -- they have got to give this some muscle. They have got to make this a priority. There are just too many cooks in this thing, and everybody has got to sit around the table and say this is a problem, let's do it. Right now you have some people saying it's a problem, and some people focused on other items.