Federal agencies may miss a key deadline in the implementing of new cybersecurity reporting guidelines, according a recently published survey.
Only a small minority of federal managers have used the new CyberScope reporting tool, according to a survey of 34 chief information officers across a number of federal agencies conducted by government IT network MeriTalk under the sponsorship of several IT companies, including ArcSight and McAfee. The survey was released yesterday.
The Obama administration created the tool to replace paper and email reporting as part of efforts to streamline the process and cut back on the more than $2.3 billion federal agencies spend each year on compliance.
The Office of Management and Budget announced Nov. 15, 2010 as the deadline for agencies to submit FISMA reports through CyberScope.
But as of July, only about 15 percent of them had actually done so, according to the survey.
The remaining 85 percent are skeptical it will enhance security or save costs, and overall remain uncertain of the program’s mission, the survey says.
The bright light in the sea of discouraging data collected by the survey is that of those who have tried CyberScope, 100 percent gave the program the grade of either “A” or a “B.”
According to the study, OMB needs to take more of a hand in increasing communication and clearing up confusion over submission requirements so CyberScope can do its job of increasing and enhancing oversight.
“November is right around the corner and feds should realize the value in embracing this new FISMA reporting tool,” said Tom Conway, director of federal business development for McAfee, one of the sponsors of the survey. “Cyber leaders must follow NASA’s and State’s [two early adopters of the program] best practices to capitalize on CyberScope’s benefits and realize more secure networks for America.”