New Guidance Pushes Federal Agencies Toward Automated Incident Reporting

The White House is changing the way that it requires federal agencies to report security incidents in an effort to automate the process and make incident reporting simpler and more efficient.

Under new guidance issued by the Office of Management and Budget Monday, the Cybersecurity and Infrastructure Security Agency (CISA) will be required to develop a strategy to increase the usage of automated reporting mechanisms, specifically those that use machine-readable data, by the spring of next year. By the end of 2022, CISA will have to give OMB real-time access to incident data. The requirement is included in a broader memorandum issued by OMB that is part of an initiative to modernize and mature the federal security infrastructure and policies.

Currently, nearly half of security incidents at federal civilian agencies are reported manually through the US-CERT website, which requires significant work on the part of analysts. Automated reporting systems are more efficient and allow for quicker response and notification to other agencies that may be affected by the same incident.

“To ensure accurate reporting of information, agencies have historically needed to painstakingly and manually compare their incidents with US-CERT’s account. By late spring of 2022, CISA, in coordination with OMB, will develop a strategy, including any technical standards, to modernize and improve the use of machine-readable incident data and indicators in a manner that communicates directly with agency SOCs and/or incident reporting systems. CISA will provide OMB real-time access to incident information no later than December 2022,” the memorandum says.

“FISMA data collection has long remained an overly manual process that often leads agencies to create complicated spreadsheets and internal processes to respond to questions. As the Federal information security apparatus matures, so should its reporting mechanisms. OMB is emphasizing automation and the use of machine-readable data to speed up reporting, reduce agency burden, and improve outcomes.”

The new guidance is designed to help accelerate the modernization of the processes and systems that federal agencies use. In May, President Joe Biden issued an Executive Order that requires federal agencies to make a number of improvements to their cybersecurity infrastructure, including moving to a zero trust architecture. The OMB memorandum is meant as a companion to the EO, and much of the focus is on automation and providing better metrics to measure the effectiveness of security controls and programs. One of the new requirements is that CISA work with OMB and the National Institute of Standards and Technology to improve the standards for using machine-readable data as part of the Continuous Diagnostics and Mitigation (CDM) program.

“By April 2022, CISA, in coordination with OMB and NIST, will develop a strategy to continue to evolve machine-readable data standards for cybersecurity performance and compliance data through CDM (or a successor process). This strategy will include a set of metrics (supplementing the existing CIO metrics) based on NIST Standards (e.g., NIST SP 800-53) for controls that can be reported in an automated manner, and will set forth a timeline for when these metrics will be collected automatically,” the guidance says.