Fed Study: 85 Percent Of Agencies Still Not Using CyberScope
New standard for continuous security monitoring still confuses federal IT security leaders
CyberScope is supposed to be the federal government's new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don't understand the technology's mission and goals, and only 15 percent have used it at all.
The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.
According to a study published this week by MeriTalk, a government IT community, the few agencies that have implemented CyberScope give the tool high marks. But 85 percent of the federal IT executives surveyed said they have not deployed it yet.
In fact, 72 percent of the federal IT executives surveyed said they do not have a clear understanding of CyberScope's mission and goals. Ninety percent do not have a clear understanding of the submission requirements.
The survey results may surprise some in the federal IT space, where some agencies have begun to eschew complex, paper-based FISMA security compliance reporting projects in favor of the "continuous monitoring" concept, where CyberScope provides key functionality. Some 69 percent of the survey respondents said they are unsure if this new approach will result in more secure federal networks.
The report, underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, suggests that the Office of Management and Budget (OMB) "must increase communication, clarify submission requirements, and provide training for the reporting protocol shift in order to achieve CyberScope's goals of enhanced oversight and reporting simplification," the study says.
"Clearly, FISMA needs reform," says Steve O'Keeffe, founder of MeriTalk. "That said, the communication about that new approach has been spotty, at best."
Joe Gottlieb, CEO of security information and event management company SenSage, says the CyberScope needs more time to develop. "Cyberscope is an ambitious project, and the data suggests that many Federal security leaders question its value," he says. "However, the overall concept has merit, and underscores the need for more open data architectures in the security and compliance industry."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like