Coose Up To Bat for FISMA

Two weeks ago, <a href="http://www.cio.com/podcasts/awards/coose_dhs_otw.mp3">Matt Coose</a>, director of federal network security at the Homeland Security Department, was charged with enabling 110 federal agencies to do <a href="http://cybersecurityreport.nextgov.com/2010/04/white_house_heroes.php">continuous monitoring</a> based on the new Federal Information Security Management Act requirements.

The responsibility came from federal Chief Information Officer Vivek Kundra, a step toward bringing federal agencies out of the dark ages of compliance by paper. The idea isn't new, but the implementation is at the starting line. It's important Coose does this right and doesn't let anyone lag behind, even if the culture of Washington blows a heavy headwind as he paddles upstream.

"Fiscal year 2010 is a year of transition," said Coose, "but we're definitely leaning forward and trying to be as aggressive as we can."

One of Coose's first tasks will be to conduct agency interviews to determine the unique security challenges, needs and capabilities, risk-based security maturity models and priorities of each agency. The interviews will be with agency CIOs and CISOs this July and August, administered by DHS and the National Institute of Standards and Technology.

"By aligning FISMA with the move and direction of continuous monitoring and mature capabilities, the potential benefit is agencies will see more resources come their way," Coose said.

This involves, but is not limited to, working closely with NIST and leveraging best-of-breed solutions.

"What we really want to do is align the questions we're asking, activities being reported and what we request," Coose said.