Wednesday, October 6, 2021

Review - S 2902 Introduced – FISMA Update

Last month, Sen Peters (D,MI) introduced S 2902, the Federal Information Security Modernization Act of 2021. This is an update of the FISMA program that was initiated in 2002. While not technically a reauthorization bill, this is part of the periodic update process for that program. The actions required in this bill apply to Federal government agencies, not private sector entities.

There are, however, three sections of this bill that may be of interest to private sector cybersecurity managers and cybersecurity researchers:

§204. Data and logging retention for incident response.

§208. Codifying vulnerability disclosure programs.

§303. Security operations center as a service pilot.

This bill will be considered by the Senate Homeland Security and Governmental Affairs Committee later today. The bill, probably after amendment, will be approved by the Committee with substantial bipartisan support. This bill will likely be passed in the Senate.

For more details about the sections identified above, see my article at CFSN Detailed Analysis (subscription required).

