Senators question White House FISMA compliance
The White House has failed to keep up with reports to Congress on its cybersecurity, according to a letter penned by two senators.
As required by the Federal Information Security Management Act, or FISMA, federal agencies must report the status of their cybersecurity systems to Congress annually. Sens. Ron Johnson, R-Wis., and John Thune, R-S.D., though, say the White House Executive Office of the President hasn’t done so for the last three years.
And the last review the White House submitted to the Office of Management and Budget, which administers the requirements of the law, was for fiscal year 2008, the senators wrote in the letter to the president dated June 22. The letter wasn’t released publicly.
The senators wrote that “all agencies, expressly including the EOP, must implement a security program to take steps to secure their information and guidelines, including those from OMB, the Department of Homeland Security, and the National Institute of Standards and Technology.”
Johnson and Thune — chairmen of the committees on Homeland Security and Governmental Affairs and on Commerce, Science and Transportation, respectively — air their concerns in the wake of two reported breaches at the Office of Personnel Management that have compromised the personal information of at least 4.2 million federal employees.
“Recent reports that the Office of Personnel Management suffered multiple significant intrusions, resulting in the exposure of millions of employees’ personal information, only underscore the importance for every federal agency, including the EOP, to take steps to improve its cybersecurity posture,” the letter reads.
After the breaches, it became evident that OPM and several other federal agencies have not been in compliance with FISMA.
The White House hasn’t been immune to breaches itself. Last fall, hackers thought to be associated with the Russian government accessed unclassified White House networks. Lawmakers said the intrusion underscored a need for federal cybersecurity reform, much like what they’re saying now in the wake of the massive OPM breaches. Thune previously wrote to the president about the October breach but never received a response.
The pair of senators has asked for a response from the White House no later than July 13.
A senior administration official told FedScoop the White House has received the letter and is reviewing it.