The House passed the Cyber Intelligence Sharing and Protection Act Thursday, creating a voluntary system for private organizations to provide national security agencies with cyber threat information.
In addition to CISPA, the House also reached an accord to pass a bill updating the Federal Information Management Security Act of 2002, GovInfo Security reports.
The Federal Information Security Amendments Act, passed by voice vote, will go to the Senate along with the Cybersecurity Enhancement Act and the Networking and Information Technology Research and Development reauthorization bill.
According to the report, the FISMA update bill reinforces the Office of Management and Budget’s role regarding information technology security governance.
Under the FISMA update, federal agencies would be required to implement continuous monitoring and automated cyber systems to mitigate any risk before an attack occurs.
Senior agency officials would be responsible for conducting continuous monitoring and evaluating security controls, techniques and measures used.
Current legislation only requires officials to periodically evaluate network infrastructure but the updated law would require multiple threat assessments for system vulnerabilities and reporting.
Law requirements include authentication and extending security measures, delegating information security oversight to chief information officers and adherence to National Institute of Standards and Technology Act standards.
House legislative language calls for agencies to collaborate with others as well as with private sector security operations centers.
The Senate’s version of the FISMA update fall under the Cybersecurity Act of 2012, giving more authority to the Department of Homeland Security to determine IT security policy.
Senators have not scheduled a time to debate the Cybersecurity Act and any bill differences will likely be resolved in a conference with House lawmakers, the report notes.