The Senate Homeland Security and Governmental Affairs Committee voted today to approve legislation for a major revamp of the Federal Information Security Modernization Act (FISMA), and a bill that would require Federal agencies to inventory their older, legacy IT systems and work on plans to modernize them.
FISMA Bill Details
By a vote of 8-1, committee members approved the Federal Information Security Modernization Act of 2023. The bill, sponsored by committee Chairman Gary Peters, D-Mich., and Sen Josh Hawley, R-Mo., tracks closely with the provisions of FISMA reform legislation approved by both chambers in 2022, but which ultimately failed to reach the finish line.
The committee’s vote sends the bill to the full Senate for consideration. But the measure may get its vote very quickly – as soon as the next couple of days – as Senate Majority Leader Chuck Schumer, D-N.Y., submitted the FISMA bill as a standalone amendment to the Senate version of the FY 2024 National Defense Authorization Act (NDAA), which the Senate is set to vote on by the end of this week.
The latest version of the FISMA update legislation – filed in both the House and Senate earlier this month – would, among many other provisions, codify into Federal law the position of Federal Chief Information Security Officer (CISO) at the Office of Management and Budget (OMB), and require the appointment of dedicated chief privacy officers at Federal agencies. The bill, its sponsors said, also would:
- Support more effective cybersecurity practices throughout the Federal government;
- Improve coordination between OMB, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the National Cyber Director, and Federal agencies and contractors in addressing online threats;
- Require Federal civilian agencies to report all cyberattacks to CISA, and major cyber incidents to Congress;
- Provide CISA with additional authorities to respond to breached incidents on Federal civilian networks;
- Codify portions of President Biden’s 2021 cybersecurity executive order to enforce higher level security protections for Federal information systems; and
- Require OMB to develop guidance for Federal agencies “so they can efficiently allocate the cybersecurity resources they need to protect their networks.”
Legacy IT Bill
Separately, HSGAC also voted 8-1 to advance the Legacy IT Reduction Act that would push Federal agencies to develop detailed inventories of their legacy IT systems and plans to modernize them.
The bill, sponsored by Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, would give Federal agencies two years to come up with IT modernization plans, and update them every five years after that. The bill would require the OMB to issue guidance to assist agencies with identifying legacy IT, and how to modernize systems.
The legislation does not, however, deal with any ways to fund proposed IT modernization efforts at agencies.
“Too many of the government technology systems that we rely on every day are not up to today’s standards,” said Sen. Hassan last month. “Updating these systems is a commonsense way to help strengthen cybersecurity, improve taxpayers’ experience using these systems, and ultimately save taxpayer dollars.”
“Outdated IT systems are an inefficient use of taxpayer dollars and a threat to the Federal government’s cybersecurity,” said Sen. Cornyn. “This commonsense bill would modernize these systems and ensure we’re investing in technology that is secure, user-friendly, and fiscally responsible.”
Grants Management Bill
Finally, the committee voted to approve the Streamlining Federal Grants Act introduced earlier this month by Sen. Peters to improve the administration of grant programs across the Federal government.
“Governments and organizations in small and rural communities often struggle when applying for federal grants because they lack the necessary resources to navigate a complicated application process,” the senator’s office said, adding that the bill “would simplify and streamline this application process to increase access to federal grants for all communities.”
“Complicated and outdated processes to apply for federal grants often result in underserved communities missing out on opportunities to receive critical funding,” Sen. Peters said. “This bipartisan legislation will help modernize this process and make sure every community in Michigan and across the nation has an equal opportunity to receive federal funding.”