The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government's cybersecurity practices by:
- Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
- Amending and clarifying the Office of Management and Budget's (OMB) oversight authority over federal agency information security practices; and
- Requiring OMB to amend or revise OMB A-130 to "eliminate inefficient and wasteful reporting."
FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.
The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices. It also:
- Authorizes DHS to provide operational and technical assistance to other federal Executive Branch civilian agencies at the agency’s request;
- Places the federal information security incident center (a function fulfilled by US-CERT) within DHS by law;
- Authorizes DHS technology deployments to other agencies' networks (upon those agencies' request);
- Directs OMB to revise policies regarding notification of individuals affected by federal agency data breaches;
- Requires agencies to report major information security incidents as well as data breaches to Congress as they occur and annually; and
- Simplifies existing FISMA reporting to eliminate inefficient or wasteful reporting while adding new reporting requirements for major information security incidents.
The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).
FY18 FISMA Documents
- FY 18 CIO FISMA Metrics Effective FY 2018 Quarter 3
- FY 18 CIO FISMA Metrics (no longer effective)
- FY 18 IG FISMA Metrics
- FY 18 IG FISMA Metrics Evaluation Guide
- FY 18 SAOP FISMA Metrics
FY17 FISMA Documents
FY16 FISMA Documents
FY15 FISMA Documents
- FY15 CIO Annual FISMA Metrics
- FY15 IG FISMA Metrics
- FY15 SAOP FISMA Metrics
- FY15 CIO Q3 FISMA Metrics
- FY15 CIO Q2 FISMA Metrics
- FY15 CIO Q1 FISMA Metrics