MITRE’s Dave Powner and Mark Peters have three recommendations for Congress on updating federal cybersecurity legislation, as they outline in their editorial in NextGov.
By the authors’ assessment, the White House has moved far ahead of Congress on federal cybersecurity policy, though Congress has taken some important steps.
They write:
Both congressional chambers have focused on incident reporting legislation and on revamping the Federal Information Security Modernization Act of 2014. Currently, two bills are in play to update FISMA—H.R. 6497 and S. 3600.
As these bills are reconciled between the two chambers, Congress has a tremendous opportunity to improve the federal government’s overarching cyber legislation by:
- Aligning with executive branch priorities and strategies for federal cybersecurity,
- Focusing on getting to the left of incidents (prevention and detection activities), and
- Streamlining and improving reporting, auditing, and congressional oversight.
The top area where Congress and the administration need to align is zero-trust implementation.