Tech

Senators question White House FISMA compliance

A pair of senators say the White House hasn't reported its cybersecurity status to Congress in three years.

July 1, 2015

The White House has failed to keep up with reports to Congress on its cybersecurity, according to a letter penned by two senators.

As required by the Federal Information Security Management Act, or FISMA, federal agencies must report the status of their cybersecurity systems to Congress annually. Sens. Ron Johnson, R-Wis., and John Thune, R-S.D., though, say the White House Executive Office of the President hasn’t done so for the last three years.

And the last review the White House submitted to the Office of Management and Budget, which administers the requirements of the law, was for fiscal year 2008, the senators wrote in the letter to the president dated June 22. The letter wasn’t released publicly.

The senators wrote that “all agencies, expressly including the EOP, must implement a security program to take steps to secure their information and guidelines, including those from OMB, the Department of Homeland Security, and the National Institute of Standards and Technology.”

Johnson and Thune — chairmen of the committees on Homeland Security and Governmental Affairs and on Commerce, Science and Transportation, respectively — air their concerns in the wake of two reported breaches at the Office of Personnel Management that have compromised the personal information of at least 4.2 million federal employees.

“Recent reports that the Office of Personnel Management suffered multiple significant intrusions, resulting in the exposure of millions of employees’ personal information, only underscore the importance for every federal agency, including the EOP, to take steps to improve its cybersecurity posture,” the letter reads.

After the breaches, it became evident that OPM and several other federal agencies have not been in compliance with FISMA.

The White House hasn’t been immune to breaches itself. Last fall, hackers thought to be associated with the Russian government accessed unclassified White House networks. Lawmakers said the intrusion underscored a need for federal cybersecurity reform, much like what they’re saying now in the wake of the massive OPM breaches. Thune previously wrote to the president about the October breach but never received a response.

The pair of senators has asked for a response from the White House no later than July 13.

A senior administration official told FedScoop the White House has received the letter and is reviewing it.

Senators question White House FISMA compliance

More Like This

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

GSA taps TTS deputy director to take top Login.gov role next month

Top Stories

DOJ seeks public input on AI use in criminal justice system

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

More Scoops

White House tells federal agencies to bolster cybersecurity in memo

White House launches AI cyber challenge to identify and fix open-source software vulnerabilities

OpenAI, Meta and other tech firms sign onto White House AI commitments

Industry groups call on White House to reaffirm commitment to ‘technology neutrality’

Quantum cybersecurity legislation passes Senate

What the midterm results mean for federal IT leaders

White House appoints Anjana Rajan as assistant national cyber director for technology security

Latest Podcasts

Senators question White House FISMA compliance

Scientists Must Be Empowered, Not Replaced by AI

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Tech

Defense

Cyber

Acquisition