Real time risk monitoring from the Feds

Federal Security Goes Realtime

White House Cybersecurity Coordinator Howard Schmidt.

The US Federal government is shaping up to require agencies to file real-time reports on their information security to a central website under a new set of continuous reporting requirements outlined here. This new initiative will build upon the 2002 FISMA legislation but will bring more automation to the collection of compliance and risk information, with a central point of real-time collection. The memo requires agencies to file this information through a structured data feed on at least a monthly basis.

This is an interesting development for regulations, compliance and risk management in general. One of the greatest challenges facing the audit-oriented approach to risk and compliance is that it is always historic. Gaining real-time situational awareness of compliance levels and identifying risk in real time requires an automated process that can gather information directly from all entities subject to the compliance standard. Only then can you begin to understand the effect compliance is having on risk.

