FISMA one step closer to overhaul

Tuesday - 6/1/2010, 5:06pm EDT

Cybersecurity Update - Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and DorobekInsider with Chris Dorobek (3-5 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • The House took a major step forward to overhaul federal cybersecurity policy by passing the Defense Authorization Bill. The legislation includes and amendment to update the Federal Information Security Management Act, (FISMA). The new cybersecurity guidance will introduce performance based standards and guidelines. This is a marked changed from the current compliance based standards. But already cybersecurity experts are cautioning against the FISMA reforms. They says that although FISMA has improved cybersecurity, the overall results were not that impressive. Proponents of the bill hope to pass the full measure before the August Congressional Recess.

  • Carnegie Mellon University's CERT (Computer Emergency Response Team) has released a basic fuzzing framework to help identify and eliminate security vulnerabilities from software products. ThreatPost.com reports that the Basic Fuzzing Framework (BFF) is described as a simplified version of automated dumb fuzzing and includes a Linux virtual machine that has been optimized for fuzz testing and a set of scripts to implement a software test. Fuzz testers, or fuzzers, are used by security researchers to find vulnerabilities by sending random input to an application.

Check out all of Federal News Radio's coverage of cybersecurity issues here.