House panel’s FISMA reform bill draft directs agencies to move toward ‘risk-based’ cybersecurity

A draft House bill to reform the FISMA program emphasizes moving the federal government to a “risk-based cybersecurity posture” where agencies are focused on outcomes with risk assessments and utilizing “next generation security principles” such as zero trust and transitioning to the cloud.

The bill, put out as a “discussion draft” by House Oversight Committee leaders, takes into consideration the changing cybersecurity environment since the Federal Information Security Management Act was last updated in 2014. The bill is companion...