A piece of federal legislation known as the Federal Information Management Security Act (FISMA), is making its way through the constitutional requirements for full adoption. Most recently, it passed the House of Representatives via Voice Vote. The FISMA bill would provide updates to the law, which was first enacted a decade ago in 2002.
Over the course of the past ten years, a great deal has changed in the computer world. The new legislation is an attempt to address those changes so that the IT systems and data in use by federal agencies will remain secure. Although the legislation is targeted at government agencies, there is much truth in the old adage that ‘what is good for the goose is good for the gander’. In the case of FISMA, the issues under discussion include continuous monitoring of IT assets.
Continuous monitoring involves a level of engagement with IT resources that is unwieldy and impractical for small and medium-sized businesses to implement on their own. These types of companies can still implement it, however, by using a managed services model for IT support. In this model, an IT company provides support and assistance via remote means, connecting with computers and networks remotely through the internet as needed to see to the ongoing needs of a business. A managed services model can incorporate elements of continuous monitoring so that problems in the network or systems are detected as soon as they occur.
It remains to be seen whether continuous monitoring will become the law of the land for federal agencies. Regardless of the legislation's ultimate fate, however, this technology can greatly assist private businesses to keep their IT assets working at full capacity.