OMB mulls adding information security requirements to budget regs

The Office of Management and Budget is looking at ways to better incorporate security into agencies' funding requests for information technology systems, including revising regulations governing how agencies formulate their budgets.

At most agencies, security is added to information systems and architectures long after the technology is in place. That leaves agencies with vulnerabilities and management issues that cannot be solved unless security is built into the systems, said Glenn Schlarman, policy analyst at OMB's Office of Information Policy and Technology, speaking Tuesday in Falls Church, Va., at a conference sponsored by the General Services Administration's Office of Information Security.

"For the security of a system, [information security] fundingemust be woven into the funding of the [entire] system," he said.

To make security a more fundamental part of agency IT system development starting in fiscal 2001, OMB is studying ways to revise Circular A-11, the document regulating how agencies develop their budget estimates for the president.

"Security will, in all likelihood, be part of that next year," Schlarman said.

Many agencies have called on Congress and OMB to develop emergency or supplemental money for security, similar to the funding offered for solving last-minute Year 2000 problems. But that kind of approach is not going to work for something as broad and complex as information and systems security, Schlarman said.

"If we look at security as a standalone thing that requires a pot of money, then we miss the mark," he said.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected