OMB Mulls Real-Time FISMA Metrics

The Office of Management and Budget is considering implementing new metrics as part of the annual reporting processes by federal agencies required under the Federal Information Security Management Act that would involve, for the first time, real-time measurements to determine the security of IT assets.

Working with the National Institute of Standards and Technology, OMB is seeking comments on the proposed metrics by early next year.

"These metrics represent a new approach, which focuses on improving security, not just compliance," a statement on the NIST website says. "These metrics should encourage agencies to take concrete steps to improve their security posture by implementing monitoring tools, strengthening areas such as identity and configuration management, and reporting on four new categories: remote access management, identity and access management, data level controls, real-time security awareness and management."

Comments on the proposal should be sent to by Jan. 4.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.