Weekly Wrap-Up
Week of August 2, 2021
FISMA Reform Begins to Take Shape
Senate Committee Calls for FISMA to be Revamped
(FedScoop) The Senate Committee on Homeland Security and Governmental Affairs has identified continued major cybersecurity failings across agencies and is calling for the Federal Information Security Modernization Act (FISMA) to be reformed.

A new report published Tuesday identifies IT security flaws across almost every major U.S. government department, including the failure to secure citizens’ personal and financial data and the inability to keep track of thousands of items of IT equipment.
Senate Report Advocates FISMA Reforms After Finding Slow Progress on Agency Cybersecurity
(Federal News Network) A new Senate report is making the case for reforms to the law governing federal cybersecurity standards, after finding multiple federal agencies made just “minimal improvements” over the past two years in their efforts to comply with the requirements.

The report, released by leaders of the Homeland Security and Governmental Affairs Committee today, follows up on a 2019 document that found eight federal agencies were out of step with federal cyber standards, putting sensitive data at risk.
Federal CISO DeRusha Maps FISMA Reform Priorities
(MeriTalk) Federal Chief Information Security Officer (CISO) Chris DeRusha today offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May.

DeRusha – whose office is taking a large role in implementing the executive order – has been on the record for possible changes to FISMA, but his discussion of the issue on July 21 at CrowdStrike’s Fal.Con for Public Sector 2021 event offered a more detailed picture of what the Federal CISO would like to see.
Here's How the White House Wants to Reform Cybersecurity Management for Agencies
(Federal News Network) The White House wants to change how it manages agency cybersecurity efforts by shifting away from self attestation and compliance approaches to more continuous monitoring of networks and outcome-focused measurements, according to the federal chief information security officer (CISO).

The Office of Management and Budget is ensuring agencies are providing the data called for in May’s cybersecurity executive order with some “strict governance,” according to Chris DeRusha, the federal CISO at OMB.

“We’re measuring and dashboarding the data call layer first, the practical things — are people doing what we asked them to do on the timelines we’ve asked them to do it,” DeRusha said during a July 28 event hosted by Oracle.
Infrastructure Bill Threatened by August Recess
Senate Scrambles to Pass Infrastructure Bill This Week After House Leaves for August Break
(NBC News) Senators worked through the weekend to prepare the text of an infrastructure package for a vote this week after House members left for their August recess without advancing an extension of the eviction moratorium.

The two measures are just some of the items left unresolved as members packed their bags, prompting protests from progressive lawmakers over the failure to protect millions of renters across the country at risk of eviction even as Covid case numbers continue to surge.
Schumer Weaponizes August Recess to Advance Biden Agenda
(Politico) Chuck Schumer doesn’t have to be the bad guy in the Senate’s infrastructure debate. The calendar is doing that job for him.

With the upper chamber closing in on President Joe Biden’s long-sought, $550 billion bipartisan infrastructure plan and readying a budget to set up a companion $3.5 trillion domestic spending plan, the majority leader is letting the simple threat of his members missing state fairs and overseas delegations drive the result. August in Washington isn’t any senator’s idea of a good time.
Cybersecurity & Compliance
TMF Board Still Accepting Governmentwide Cyber Proposals
(NextGov) Federal projects to improve cybersecurity at multiple agencies in a single go have a good chance at getting money from the Technology Modernization Fund with little to no payback requirement, program leaders said this week.

The TMF, established in 2017 as part of the Modernizing Government Technology Act, was initially established as a multimillion-dollar fund to support IT upgrades with short-term loans. However, the nature of the TMF changed significantly earlier this year after the American Rescue Plan stimulus package added $1 billion to the fund.
FedRAMP Just Automated Checking Security Authorization Packages for Completeness
(FedScoop) The General Services Administration plans to release XML-automated validations next week allowing vendors to check their security authorization packages for completeness before submitting them to the Federal Risk and Authorization Management Program.

FedRAMP used Schematron’s rule-based validation for making assertions against XML to automate the process and wants vendors to self-test their packages to ensure all the required data is there, before the program reviews them and decides whether to issue a cloud product an authority to operate (ATO).
Member News
How Automated Analytics Can Improve Digital Services, Security and Workflows
(FedScoop) As leaders at federal civilian, health and defense agencies continue to grapple with the explosion of data coming at them from all directions, the need for more robust platforms, capable of managing and making sense of all that data, has taken on new urgency.

The good news is, a new generation of AI-assisted IT operations (AIOps) platforms and intelligent analytics platforms — as well more advanced security orchestration, automation and response (SOAR) solutions — are giving agencies powerful new capabilities to keep up with that data, according to a new report from FedScoop.
Telos Acquisition Adds Capabilities to its Biometric Systems
(Washington Technology) In its first acquisition since going public last year, Telos Corp. has made a deal to enhance its biometrics and digital identity products by adding new intellectual property around contactless biometric readings.

Telos isn’t disclosing financial details of its asset purchase of Diamond Fortress Technologies, but did say the deal includes all patents that will be added to Telos’ intellectual property library.

Ashburn, Virginia-headquartered Telos will integrate Diamond’s Onyx touchless fingerprint software with Telos’ IDTrust360 platform.
If you would like to have your story featured in ADI's Member News, please contact ADI's Policy & Communications Manager, Jaishri Atri.
Questions? Inquiries? Please e-mail: [email protected]