On Friday, May 28, 2010, the House approved the National Defense Authorization Act, which includes an amendment that is an amalgamation of the Federal Information Security Amendments Act of 2010, HR 4900 (which was approved last week by the House Oversight and Government Committee), and the Executive Cyberspace Authorities Act, HR 5247. The amendment includes a number of cyber security-related items such as:
- Creating a National Office for Cyberspace within the White House, headed by a Senate-approved director, to coordinate and oversee the security of agency information systems and infrastructure. This office will have strong budgetary oversight powers, backed by financial pay-for-performance authorities, and will be accountable to Congress.
- Establishing a Federal Cybersecurity Practice Board within the cyberspace office to develop policies and procedures for agencies to adhere to in meeting FISMA statutory requirements and to oversee the implementation of approved standards and guidelines developed by the National Institute of Standards and Technology.
- Requiring agencies to undertake automated and continuous monitoring of their systems to ensure compliance and identify deficiencies and potential risks.
- Ordering agencies to obtain annual independent audits of their information security programs to determine their overall effectiveness and compliance with FISMA requirements.
It just so happens that the National Defense Authorization Act is the same bill that includes another amendment to eliminate the military's "don't ask, don't tell" policy. That controversial amendment could jeopardize the overall bill's passage due to potential resistance by senators who don't want to end don't ask, don't tell.