The Senate Homeland Security and Governmental Affairs Committee voted unanimously today to advance for full Senate consideration a bill that would extensively overhaul the 2014 version of the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal civilian agencies.
The Federal Information Security Management Act of 2021 was unveiled earlier this week and is the product of a series of hearings by the Senate committee following the spate of high-profile cyberattacks against government and private sector entities that emerged in late 2020, including the SolarWinds Orion supply chain software attack.
The committee approved the bill today with only a brief debate.
The bill sets forth numerous new requirements for the Federal government to manage cybersecurity functions – and measure how well those are working – at Federal agencies. Among other provisions, the bill would:
- Put the Cybersecurity and Infrastructure Security Agency (CISA) more firmly in the driver’s seat for Federal civilian agency security;
- Wrap the National Cyber Director and the Office of Management and Budget (OMB) more tightly into cybersecurity policy-setting;
- Ensure more timely delivery to key congressional committees of details about major cyberattacks;
- Codify into Federal law some aspects of President Biden’s cybersecurity executive order issued in May; and
- Put into motion penetration testing of Federal civilian networks – a provision that won the endorsement of Federal CISO Chris DeRusha in several of his recent cybersecurity policy speeches.
The bill does not appear to have companion legislation currently in the House, and a House staffer who follows tech legislation closely told MeriTalk that thus far there are no immediate stirrings among House members to introduce a matching legislative measure.