A new cost estimate from the Congressional Budget Office has concluded that implementing the Federal Information Security Amendments Act of 2013 would cost roughly $620 million over four years.
H.R. 1163, which will be considered by the House today, enhances the Federal Information Security Management Act of 2002 by bolstering security for federal IT systems. The bill would add security controls for IT systems governmentwide, requiring agencies to implement continuous monitoring, conduct threat assessments, and maintain secure facilities.
Drawing from information from several major agencies, CBO has estimated adopting H.R. 1163 would cost $620 million over the 2014-2018 period, assuming the necessary amounts are made available from appropriated funds.
Fully implemented, the new activities would add about 1 percent or $150 million a year to the annual cost of implementing FISMA, according to CBO’s April 12 cost estimate.
Although H.R. 1163 states no additional funds are authorized for the intent of implementing the bill, CBO expects agencies would need to spend appropriated resources to adopt the new activities. In the absence of additional appropriations, agencies would spend funds that would otherwise have been spent to perform other responsibilities.