Fed Study -- 85 percent of Agencies Still Not Using CyberScope

CyberScope is supposed to be the federal government’s new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs said they don’t understand the technology’s mission and goals, and only 15 percent have used it at all. The deadline for filing FISMA security compliance reports using the new CyberScope tool is November 15. According to a study published this week by MeriTalk, a government IT community, the few agencies that have implemented CyberScope give the tool high marks. But 85 percent of the federal IT executives surveyed said they have not deployed it yet. In fact, 72 percent of federal IT executives surveyed said they do not have a clear understanding of CyberScope’s mission and goals. Ninety percent do not have a clear understanding of the submission requirements. The survey results may surprise some in the federal IT space, where some agencies have begun to eschew complex, paper-based FISMA security compliance reporting projects in favor of the “continuous monitoring” concept, where CyberScope provides key functionality. Some 69 percent of survey respondents said they are unsure if this new approach will result in more secure federal networks. The report, underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, suggests the Office of Management and Budget (OMB) “must increase communication, clarify submission requirements, and provide training for the reporting protocol shift in order to achieve CyberScope’s goals of enhanced oversight and reporting simplification.”