OMB’s FY 2010 Report to Congress on FISMA Implementation explained that federal agencies are increasingly the focus of cyberattacks.
While numerous malicious campaigns impacted the Federal government, private sector partner organizations, and the general public alike, the Federal-only incident number indicated that the Federal incidents trend was up approximately 39% from FY 2009, even when the overall incidents trend was down approximately 1% for the same period.
The OMB report also highlighted both the crucial role of continuous monitoring in defending federal systems and agency shortcomings in their continuous monitoring performance.
A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static security control assessment and risk determination process into a dynamic process that provides essential, near real-time security status-related information to organizational officials.
However, OMB also informed Congress that:
Based on the IGs’ reviews, agencies’ continuous monitoring programs needed the most improvement of any area programs. Two agencies entirely lack continuous monitoring programs, while seven IGs reported that their agencies’ programs were fully compliant, and 15 others needed to implement significant improvements to make their programs fully compliant. Of those 15 agencies, at least 10 IGs identified the following two problems:
- Continuous monitoring procedures were not fully developed, sufficiently detailed, or consistently implemented;
- Ongoing assessments of selected security controls had not been performed.
The entire OMB report is attached below.