Federal Information Security Modernization Act
FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.
The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices. It also:
- Authorizes DHS to provide operational and technical assistance to other federal Executive Branch civilian agencies at those agencies’ request;
- Places the federal information security incident center within DHS by law;
- Authorizes DHS technology deployments to other agencies’ networks (upon those agencies’ request);
- Directs OMB to revise policies regarding notification of individuals affected by federal agency data breaches;
- Requires agencies to report major information security incidents as well as data breaches to Congress as they occur and annually; and
- Simplifies existing FISMA reporting to eliminate inefficient or wasteful reporting while adding new reporting requirements for major information security incidents.
The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).