Despite a NASA initiative to move to continuous monitoring of its IT systems, perceived as a better approach to information security, the space agency fails a FISMA audit and agrees to take remedial steps by next year.
How tough of a challenge is it to enact a major cybersecurity bill this year? "I could introduce a resolution, and say that Labor Day comes in the month of September, and I'm unlikely to get 60 votes for that," Sen. Tom Carper says.
"The idea is over the next year to really build this up into a much more robust program than what OMB" - which is very lightly staffed - "[has] been able to do," says Bruce McConnell, counselor to DHS's deputy undersecretary.
Buried deep within the 854 pages of the Senate version of the National Defense Authorization Act are the basic elements of cybersecurity reform, including provisions to update parts of FISMA, the primary law governing IT security.
A review of June's top news items, featuring the voices of NASA CISO Jerry Davis; Sen. Joseph Lieberman; DHS's Philip Reitinger; Melissa Hathaway, formerly of the White House; and Michael Kaiser of the National Cybersecurity Alliance.
This latest guidance is aimed at helping agencies implement continuous monitoring of their IT systems as they move away from the traditional paper-based compliance rules under the Federal Information Security Management Act.