Cybersecurity reporting
OMB Reminds Agencies to Incorporate Biden Cyber EO Into FISMA Reporting
The Office of Management and Budget issued a memorandum on Monday reminding agencies to apply President Joe Biden‘s cybersecurity executive order to the Federal Information Security Modernization Act data compliance reporting.
New guidance from OMB requires organizations to incorporate multifactor authentication and data encryption requirements into FISMA reporting. It also sets the groundwork that would help agencies to rely on automation, machine-to-machine cybersecurity data collection and collation when preparing for FISMA submissions. It also reminds officials that self-assessment will no longer be sufficient and that the federal government must rely on methods that empirically validate security and find weaknesses. The memo was signed by OMB Deputy Director for Management Jason Miller, FCW reported.
The memo reminds officials that public-facing systems are being scanned by various parties for vulnerabilities, and organizations should consider this in their security operations. OMB also listed five main areas of zero trust architecture that agencies must work on to make the federal enterprise more resilient against cyberattacks.
Other reminders for government agencies include keeping the Cybersecurity and Infrastructure Security Agency and Department of Homeland Security updated on their portfolio of public-facing websites and adopting CISA’s incident reporting and response playbook when making cyberattack disclosure reports.
The Biden cybersecurity EO eliminates barriers to information sharing, modernizes federal government cybersecurity, enhances software supply chain security, establishes a cyber safety review board, standardizes the government’s cyber response playbook and lists other matters that focus on cybersecurity.
Category: Cybersecurity