OMB Mulls Real-Time FISMA Metrics
The Office of Management and Budget is considering implementing new metrics as part of the annual reporting process required of federal agencies under the Federal Information Security Management Act. For the first time, the metrics would involve real-time measurements to determine the security of IT assets.
Working with the National Institute of Standards and Technology, OMB is seeking comments on the proposed metrics by early next year.
"These metrics represent a new approach, which focuses on improving security, not just compliance," a statement on the NIST website says. "These metrics should encourage agencies to take concrete steps to improve their security posture by implementing monitoring tools, strengthening areas such as identity and configuration management, and reporting on four new categories: remote access management, identity and access management, data level controls, real-time security awareness and management."
Comments on the proposal should be sent to OMB-Metrics@nist.gov by Jan. 4.