"OMB Drops New Cybersecurity Metrics in Time for FITARA Hearing"

The Office of Management and Budget (OMB) has released a new "progress report" on the condition of cybersecurity across federal agencies. The progress report offers new cyber metrics generated from the Federal Information Security Modernization Act (FISMA) metrics to the public and key stakeholders, including Congress. Notably, the cyber progress report may become a future Federal Information Technology Acquisition Reform Act (FITARA) Scorecard category, representing a form of development from the existing FISMA-centric cyber category. The new cybersecurity progress report category is a "preview" on the committee's most recent scorecard, meaning that it does not figure into the latest set of scores. The category offers each agency a percentage score for their cybersecurity progress, ranging from 68 percent for the Department of the Interior to 94 percent for the General Services Administration (GSA) on the most recent scorecard. In accordance with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework, the metrics for this category are organized into the following five categories: Identify, Protect, Detect, Respond, and Recover. Except for the "Protect" category, which is weighted at 40 points, the percentage value total result of each category is weighted at 15 points. OMB stated that the Protect category has more weight than other categories since it contains more criteria, such as the adoption of multi-factor authentication (MFA) and data encryption. This article continues to discuss the progress report on the state of cybersecurity across federal agencies and the new FITARA Scorecard.

MeriTalk reports "OMB Drops New Cybersecurity Metrics in Time for FITARA Hearing"