New FISMA Regs Roll Back Three-Year Reauthorizations

September 16, 2011
FedCyber Wire

via Nextgov

The Obama administration has rescinded a much-maligned, paper-intensive requirement that agencies test the security controls on computer systems every three years or when upgraded.

This year, the annual instructions for complying with the 2002 Federal Information Security Act, or FISMA, say that new governmentwide procedures for automatically testing and tracking security, called continuous monitoring, fulfill the antiquated three-year reauthorization policy. So, chief information officers can skip that lengthy, expensive step this fall when they report to Congress on fiscal 2011 cyber incidents.
