From: FISMA Focus
FISMA Focus Editor’s Note: The Center for Strategic and International Studies’ paper “Updating U.S. Federal Cybersecurity Policy and Guidance” by Franklin S. Reeder, Daniel Chenok, Karen S. Evans, James A. Lewis, and Alan Paller is attached here. The must-read analysis, subtitled “Spending Scarce Taxpayer Dollars On Security Programs That Work,” calls for a long-overdue revision to OMB Circular A-130, which governs federal information security policy.
The document’s conclusion “that the administration, and OMB in particular, have ample legal authority to adopt reforms that would materially reduce risk and enhance response for systems operated by or on behalf of the federal government” is consistent with CRE’s view that OMB may already have the authority to implement critical infrastructure protection regulations. The paper’s emphasis on spending cybersecurity dollars wisely is consistent with CRE’s emphatic point that cost-effectiveness is critical to making cybersecurity regulation work.