CyberScope – Report Reveals Federal Executive’s Thoughts on FISMA 2.0

The results of a study that examined Federal chief information officers’ (CIO) and chief information security officers’ (CISO) perceptions of and usage experiences with CyberScope were released today.

CyberScope is the new Federal Information Security Management Act (FISMA) online reporting tool, created by the Obama administration to streamline the reporting process, enhance analysis, and reduce the $2.3 billion the federal government spends on compliance each year.

The report, conducted by MeriTalk and underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, revealed that as of July, 85 percent of Fed security leaders had not used the tool. The Office of Management and Budget (OMB) established November 15, 2010 as the deadline for Federal agencies to submit FISMA reports via CyberScope. Of those who have used CyberScope, however, 100 percent give the tool an “A” or “B” grade. While this small number of Fed users award CyberScope high marks, those who have not used the tool question whether it will meet its ultimate goals of cost savings and increased security.

Of CIOs and CISOs that have not used CyberScope, findings include:

• Uncertainty Abounds: 72 percent assert that they do not have a clear understanding of CyberScope’s mission and goals and 90 percent do not have a clear understanding of the submission requirements

• Security Skepticism: 55 percent of respondents are unsure if the new submission process will improve security oversight. Additionally, 69 percent are unsure if the new approach will result in more secure Federal networks

• Cost Savings Unlikely: 55 percent state that CyberScope’s changes will increase submission costs

The study shows that CIOs/CISOs are open to change but that OMB must increase communication, clarify submission requirements, and provide training for the reporting protocol shift in order to achieve CyberScope’s goals of enhanced oversight and reporting simplification. In addition, OMB needs to leverage early-adopter case studies to communicate track-record success and exemplify the tool’s benefits and results to the 85 percent of Feds that have not yet used CyberScope.

“November is right around the corner and Feds should realize the value in embracing this new FISMA reporting tool,” said Tom Conway, director of Federal business development, McAfee. “Cyber leaders must follow NASA’s and State’s best practices to capitalize on CyberScope’s benefits and realize more secure networks for America. We are working diligently with our Federal customers to help leverage their current large investments in security solutions to meet this new compliance mandate.”

“The administration is all about transparency – and this study provides critical insight from Federal cyber security stakeholders,” said Steve O’Keeffe, founder, MeriTalk. “You only get one opportunity to make a first impression. Vivek Kundra first introduced the notion of CyberScope in Senate testimony last fall. Clearly FISMA needs reform. That said, the communication about that new approach has been spotty at best since that time. OMB must embrace the lessons learned from the IT Dashboard. OMB must clearly communicate CyberScope’s goals, progress, value, and associated measurement framework to Fed cyber security stakeholders to make this program a winner – and if OMB fails, America is the loser.”

In July 2010, 34 Federal CIOs and CISOs were surveyed to create the report, “FISMA’s Facelift: In the Eye of the Beholder?” The full results of the study are available here.
