FYI
---------- Forwarded message ----------
From: Audrey McNeil <[email protected]>
Date: Mon, Dec 22, 2014 at 6:29 AM
Subject: [Dataloss] Obama Signs 5 Cybersecurity Bills
To: [email protected]


http://www.databreachtoday.com/obama-signs-5-cybersecurity-bills-a-7697

Without ceremony, President Obama on Dec. 18 signed five
cybersecurity-related bills, including legislation to update the Federal
Information Security Management Act, the law that governs federal
government IT security.

It's the first time in 12 years that significant cybersecurity legislation
has become law. The last major piece of cybersecurity law to be passed by
Congress and signed by a president was the E-Government Act of 2002, which
included FISMA.

The five cybersecurity measures, among 48 bills the White House announced
the president had signed, include the:

- Federal Information Security Modernization Act, which codifies the
existing administration practice of having the Office of Management and
Budget determine IT security policies for federal agencies. In addition,
the law grants the Department of Homeland Security authority to carry out
the operational aspects of those policies among civilian agencies (see
FISMA Reform Heading to the White House).

The statute eliminates the 12-year-old requirement that agencies must
submit a checklist showing their IT systems and processes comply with
security standards and controls. Instead, under FISMA reform, agencies are
required to continuously monitor their systems for vulnerabilities.

- Homeland Security Workforce Assessment Act, a rider on the Border Patrol
Agent Pay Reform Act, which identifies and fills key cybersecurity
positions at DHS and provides competitive compensation. The statute also
calls for a process to identify IT security skills the DHS needs to fill.

"Slow and cumbersome hiring procedures have been a persistent challenge for
DHS when competing for scarce cybersecurity talent," says Diana Burley, a
Georgetown University professor who studies government IT security
employment. "This bill will reduce these barriers to entry and enhance
DHS's ability to compete with other agencies - most notably NSA and DoD -
in hiring the limited number of cybersecurity professionals."

- Cybersecurity Workforce Assessment Act, which requires the DHS to assess
its cybersecurity workforce and develop a comprehensive strategy to enhance
the readiness, capacity, training, recruitment and retention of its
cybersecurity workforce.

- National Cybersecurity Protection Act, which codifies the National
Cybersecurity and Communications Integration Center, a 24x7 cyber
situational awareness, incident response and management center that is a
national nexus of cyber and communications integration for the federal
government, intelligence community and law enforcement. The NCCIC shares
information among the public and private sectors to provide greater
understanding of cybersecurity and communications situation awareness of
vulnerabilities, intrusions, incidents, and mitigation and recovery actions.

"It is critical that the department continues to build strong relationships
with business, state and local governments and other entities across the
country so that we can all be better prepared to stop cyber-attacks and
quickly address those intrusions that do occur," says bill sponsor, Sen.
Tom Carper, D-Del.

- Cybersecurity Enhancement Act, which authorizes the Department of
Commerce, through its National Institute of Standards and Technology unit,
to facilitate and support the development of voluntary standards to reduce
cyber-risks to critical infrastructure. The law also requires the Office of
Science and Technology Policy to develop a federal cybersecurity research
and development plan (see Bill OK'd to Enhance NIST Cybersecurity Role).

_______________________________________________
Dataloss Mailing List ([email protected])
Archived at http://seclists.org/dataloss/