Improved Metrics Should be Primary Goal of FISMA Reform

2012 will mark the 10-year anniversary of FISMA, which was signed into law as part of the E-Government Act of 2002. As we approach this milestone, it seems clear that agencies are better off today than they were 10 years ago, but more progress is needed. In particular, FISMA should be improved so that agencies report on security performance, not just security compliance.