The ranking member of the House Homeland Security Committee said the report shows a need for "common sense steps in efficiency and efficacy" at DHS in fulfilling its role as the primary agency charged with securing federal government systems from cyberattack.
Rep. Bennie Thompson, D-Miss., stated he found it "puzzling" that DHS has not done more to ensure the contractors on which the department relies for cybersecurity are properly trained.
The report recommends that DHS coordinate with OMB to develop a strategic implementation plan which identifies long-term goals and milestones for federal agency FISMA compliance.
It also recommends that the department update and finalize internal operating procedures and guidance documents to ensure that cyber responsibilities and procedures are clearly defined, improve communication and coordination with agencies by providing additional clarity regarding the FISMA reporting metrics, and implement a process to analyze and provide detailed feedback to agencies concerning monthly vulnerability data feeds.
The report further recommends DHS establish a process to ensure that all CyberScope contractor system administrators have received adequate security training in compliance with applicable DHS, OMB, and National Institute of Standards and Technology guidance, and implement all required DHS baseline configuration settings on the CyberScope database.