New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.

Each year, the Office of Management and Budget (OMB) is required to report to Congress on the state of federal cybersecurity, as per the Federal Information Security Modernization Act of 2014 (FISMA). The latest version of the report, for fiscal 2018, is mostly filled with the sort of information common in previous versions — with one big exception: For the first time since "major incident" was defined, not even one was reported.


That's not to say there were no cybersecurity incidents. In fact, 31,107 were reported in 2018 — but even that number is a 12% decrease from the 35,277 incidents reported in fiscal year 2017.


Kiersten Todt, managing director of the Cyber Readiness Institute, believes investments in government security seem to be paying off. "I do think we have comprehensively, in b ..