US HR1163
Federal Information Security Amendments Act of 2013



Introduced Session

113th Congress

Bill Summary

Federal Information Security Amendments Act of 2013 - Amends the Federal Information Security Management Act of 2002 (FISMA) to reestablish the oversight authority of the Director of the Office of Management and Budget (OMB) with respect to agency information and security policies and practices. Extends the security requirements of federal agencies to include responsibilities for: (1) complying with computer standards developed by the National Institute of Standards and Technology (NIST); (2) ensuring complementary and uniform standards for information systems and national security systems; (3) ensuring that information security management processes are integrated with budget processes; (4) securing facilities for classified information; (5) maintaining sufficient personnel with security clearances; and (6) ensuring that information security performance indicators are included in the annual performance evaluations of all managers, senior managers, senior executive service personnel, and political appointees. Directs senior agency officials, with a frequency sufficient to support risk-based security decisions, to: (1) test and evaluate information security controls and techniques, and (2) conduct threat assessments by monitoring information systems and identifying potential system vulnerabilities. (Current law requires only periodic testing and evaluation.) Directs agencies to collaborate with OMB and appropriate public and private sector security operations centers on security incidents that extend beyond the control of an agency. Requires that security incidents be reported, through an automated and continuous monitoring capability, when possible, to the federal information security incident center, appropriate security operations centers, and agency Inspector General. Directs agencies to conduct vulnerability assessments and penetration tests commensurate with the risk posed to agency information systems. 
Requires each agency to delegate to its Chief Information Officer the authority and primary responsibility for developing, implementing, and overseeing an agencywide information security (AIS) program. Directs agencies to implement an OMB-approved AIS program that is consistent with components across and within agencies. Requires that such program include automated and continuous monitoring, when possible, to: (1) mitigate risks associated with security incidents before substantial damage is done; and (2) notify and consult with the incident center, appropriate security operations response centers, law enforcement agencies, Inspectors General, and other entities or as directed by the President.

AI Summary

This bill, the Federal Information Security Amendments Act of 2013, amends the Federal Information Security Management Act of 2002 (FISMA) to strengthen federal agencies' information security by reestablishing the Office of Management and Budget (OMB) Director's oversight authority. It mandates that agencies comply with standards from the National Institute of Standards and Technology (NIST), ensure uniform security standards for both general and national security systems, integrate information security into budget processes, secure facilities for classified information, maintain adequate personnel with security clearances, and include information security performance in manager evaluations. Senior agency officials are required to regularly test security controls and conduct threat assessments through system monitoring, moving beyond the previous requirement of only periodic checks. The bill also directs agencies to collaborate with OMB and security operations centers on incidents affecting multiple entities, report security incidents through continuous monitoring when possible, and conduct vulnerability assessments and penetration tests based on risk. Crucially, each agency must delegate primary responsibility for its information security program to its Chief Information Officer (CIO), who must implement an OMB-approved program that includes continuous monitoring to mitigate risks and notify relevant parties of security incidents.

Committee Categories

Government Affairs, Military Affairs and Security

Sponsors (6)

Last Action

Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (on 04/17/2013)
