Senate Committee Releases Federal Cybersecurity Report

Senate Committee Releases Federal Cybersecurity Report
Federal Cybersecurity

The Senate Homeland Security and Governmental Affairs Committee has issued a 47-page report outlining a list of recommendations to improve the cybersecurity posture of federal agencies. 

The Senate panel’s Federal Cybersecurity report recommends that the Office of Management and Budget (OMB) direct agencies to adopt a risk-based budgeting framework for information technology investments.

The Senate committee called for the U.S. government to take a “centrally coordinated approach” to cybersecurity to ensure accountability and urged the Department of Homeland Security (DHS) to give Congress a plan to update the EINSTEIN system.

The panel has recommended that the Cybersecurity and Infrastructure Security Agency (CISA) expand shared services offerings to agencies.

Congress should amend the Federal Information Security Modernization Act of 2014 to reflect cyber best practices, direct federal agencies and contractors to inform CISA of cyber incidents and formalize the role of CISA as the operational federal cybersecurity lead, according to the report.

The Senate panel also listed some of its findings. The average information security maturity letter grade assigned by inspectors general to federal agencies was a C-.

The committee found that of the eight agencies reviewed, DHS was the only agency to adopt an “effective cybersecurity regime” in 2020. The panel also identified cyber weaknesses among agencies, including the use of systems without authorization to operate, failure to immediately roll out security patches and other vulnerability remediation controls and inability to protect personally identifiable information.

Supply Chain Cybersecurity: Revelations and Innovations

ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

You may also be interested in...

Cybersecurity

DHS, NIST List Goals for Cyber Best Practices

The Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) have jointly classified cybersecurity practices into nine categories as bases for cyber performance goals. The nine categories each have specific objectives with regard to how secure control systems are operated and deployed, NIST said Thursday.