Federal Manager's Daily Report

The House has passed by voice vote HR-4257, the Federal Information Security Amendments Act of 2012, which would mandate continuous security monitoring on federal IT systems.

Sponsored by House Oversight and Government Reform Committee chair Darrell Issa, R-Calif., and oversight subcommittee ranking member Elijah Cummings, D-Md., the bill expands the term "information security" to include authentication, or the “use of digital credentials to assure users’ identities and validate access.”

It makes agencies responsible for maintaining sufficient personnel with security clearances and directs senior agency officials to continuously test and evaluate information security controls and techniques, as well as carry out threat assessments by monitoring information infrastructure and identifying potential system vulnerabilities.

The bill directs agencies to collaborate with OMB and appropriate public and private sector security operations centers on security incidents that extend beyond the control of an agency.

It also would require security incidents to be reported to appropriate security operations centers and agency inspectors general through an automated and continuous monitoring capability. In addition, each agency would be required to delegate to its CIO the authority and primary responsibility for developing, implementing, and overseeing an agency-wide information security program that includes automated and continuous monitoring.