Congress Proposes Updates to Federal Information Security Modernization Act

House and Senate lawmakers seek to impose new cyber incident reporting rules as part of a proposed amendment to the Federal Information Security Modernization Act.

If passed, the new version of FISMA would require all federal agencies to alert Congress and the Cybersecurity and Infrastructure Security Agency when major attacks occur.

The secretary of defense and the CISA director would also be obligated to regularly brief lawmakers on zero trust implementation progress across the federal government.

Meanwhile, CISA would be assigned to release best practices on requiring penetration testing and using artificial intelligence to automate cybersecurity.

The proposed FISMA update outlines the federal chief information security officer’s responsibilities and mandates that chief privacy officers be appointed in all agencies.

In addition, the bill calls on agency heads to oversee the adoption of a single sign-on platform on public-facing websites requiring user authentication, Nextgov/FCW reported.

The proposed legislation follows a similar effort in 2022 led by the House Oversight and Reform Committee.

FISMA was introduced in 2002 and last updated in 2014.