POLICY
A bill under consideration in the Senate Homeland Security and Governmental Affairs Committee would elevate information security governmentwide by requiring agencies to continuously monitor and measure critical criteria.
The Federal Information Security Management Act of 2008, S. 3474, which builds on the original 2002 FISMA legislation, promises to raise the bar for agencies to prove that they are adequately protecting sensitive information as foreign countries and global cyber villains become more sophisticated at attacking government networks.
The committee plans to vote on the legislation Sept. 23, a committee spokesman said.
Among its key provisions, the legislation would establish a Chief Information Security Officers Council that would develop best practices and standard measures for the most critical controls for agency information security. Also, those measures would be scrutinized continuously, said Alan Paller, research director of the SANS Institute.
"It means there are certain criteria that you have to watch all the time, not once a year, or once a quarter," he said. "These continuously monitored, ultrahigh-important metrics make the difference between your system being open for attack or hard to break into."
Sen....