The Federal Energy Regulatory Commission has spent almost $4 million on cybersecurity in fiscal 2011, but the agency still hasn't fully implemented all of the security guidelines mandated by the Federal Information Security Management Act — or FISMA.

Sanjay Sardar, FERC's CIO, joined In Depth with Francis Rose to discuss the agency's FISMA stance.

He said the commission actually is FISMA-compliant, according to a 2011 cybersecurity audit. However, he noted some controls are still being worked on.

The difference between being FISMA-compliant and secure is complicated, Sardar suggested.

And he cited some budget constraints are holding the agency back.