Survey respondents want budgets for better and faster equipment, and they want to see a shift in focus from FISMA compliance toward assistance, risk evaluation and technical solutions to secure networks, or "securing the perimeter," according to the report.
They also would like stronger accountability for end-user unauthorized disclosure, and to eliminate "the score card mindset," in one respondent’s words, while others identified "rote compliance documentation" and a lack of "clear requirements that need to be met for different risk levels" as problems.
That some respondents report an inadequate check-the-box approach while others are seemingly critical of the ambiguity of the requirements that need to be met underscores the difficulty of such a massive undertaking.
However, there was some positive feedback for FISMA. Of those respondents who say their agencies are able to effectively thwart cyber attacks, 51 percent say their agencies are fully compliant with FISMA versus just 10 percent that don’t.
Nonetheless, "Agency leadership needs to back cyber security pros to make real changes to how Feds train, manage, and internalize cyber security controls," the report concludes. It is available at www.meritalk.com.