[20141124]IN10186_网络安全：FISMA改革.pdf

CRS InsightsCybersecurity: FISMA ReformEric A. Fischer, Senior Specialist in Science and Technology (efischercrs.loc.gov, 7-7071)November 24, 2014 (IN10186)Two bills to revise the Federal Information Security Management Act (FISMA, 44 U.S.C. Chapter 35,Subchapter III) are being considered in the 113th Congress. H.R. 1163 passed the House in April 2013,and S. 2521 was reported to the Senate in September 2014.Current FISMA RequirementsEnacted in 2002, FISMA created a security framework for federal information systems. It emphasizesrisk management and gives specific responsibilities to the Office of Management and Budget (OMB),the National Institute of Standards and Technology (NIST), and individual federal agencies.FISMA gives OMB responsibility for overseeing federal information-security policy, evaluating agencyinformation-security programs, and promulgating cybersecurity standards developed by NIST. Itrequires executive agencies to inventory major computer systems, identify and provide appropriatesecurity protections, and develop, document, and implement agency-wide information-securityprograms. Agencies must provide security protections commensurate with risk and comply withappli