FISMA reform bill would require CISA to assign advisers to work with agency CIOs
The Cybersecurity and Infrastructure Security Agency would be required to appoint cybersecurity advisers from its department to work with each federal agency CIO if draft FISMA reform legislation passes into law in its current form.
Each adviser would be responsible for providing ongoing assistance and advice to their assigned CIO and act as the designated point of contact between each department and CISA in the event of a cybersecurity breach.
It is understood that smaller federal agencies would be able to share an adviser.
The proposal was included in draft legislation issued Monday by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, and would mandate CISA Director Jen Easterly to designate a cybersecurity official to work with each agency within 120 days of the bill passing into law.
The Federal Information Security Modernization Act of 2021 is a wide-ranging bill which, if passed, would introduce a new requirement for agencies to report breaches to Congress within five days.
Through the draft legislation, lawmakers also are seeking to impose new reporting responsibilities on federal government technology contractors, which would force them to notify agencies faster when a breach occurs. The reform would also introduce new cybersecurity training requirements for staff and enhance requirements for how cybersecurity incidents are logged.
CISA features heavily in the reform proposals, and if enacted, the bill would boost the enforcement powers of the agency’s director and require the agency to establish new quantitative cyber metrics. CISA, along with the director of the Office of Management and Budget, must also come up with a new definition of what constitutes a major cyber incident under the draft legislation.