The Executive Office of the President should be required to produce an annual FISMA cybersecurity report, but it’s unlikely one will be released anytime soon, a House Oversight and Government Reform Committee lawmaker told FedScoop.
The committee’s leadership sent EOP a letter last week requesting a copy of an annual report mandated by the Federal Information Security Management Act, after federal CIO Tony Scott argued before the panel earlier this year that the office was exempt. And while Rep. Mark Meadows, R-N.C., said he thinks the administration will reply to the committee by the letter’s Aug. 9 deadline, he doesn’t expect the response will include the report.
“I don’t anticipate that we’ll get the report because it was apparent from the hearing that they have not engaged in believing that the statute applied to them,” Meadows said.
FISMA requires that agencies produce an annual audit on its information security. The Oversight Committee’s letter — signed by Republican chairman Rep. Jason Chaffetz of Utah and the committee’s senior Democrat Rep. Elijah E. Cummings of Maryland — argued that EOP has an obligation to submit the report.
“It is especially troubling that EOP has yet to submit its complete FISMA report to the Committee, given the agency’s central role in overseeing other federal agencies’ FISMA compliance,” the letter said. “EOP should be setting an example for agencies in complying with federal information security requirements, not failing in its own compliance with the law.”
Daniel Schuman, policy directer of grassroots civil engagement group Demand Progress, said it’s good practice for agencies to reply to requests for information. But, while the Oversight Committee has a constitutional right to inquire about the audit, EOP is not necessarily compelled to provide it, he said.
“This doesn’t appear to be a subpoena for a person or for information but rather a request letter. So the Executive Office of the President is not legally required to respond, but as a general rule, and as a general principle, they should respond,” Schuman said.
Meadows said having the report would help lawmakers “address any particular deficiencies in a meaningful way” during the appropriations process.
“It’s making sure we have a measurable matrix, that would say we’re addressing this particular area, we’ve got work to do in the following three areas,” Meadows said.
He added, “I don’t see this as a divisive issue.”
Schuman noted the letter was signed by committee leaders from both parties and said that the committee could subpoena for the information if it doesn’t get what it wants.
“Although, if you get to that point, that’s really not a good sign,” Schuman said.