OMB to require more reviews

2002 OMB GISRA guidance

Agencies must evaluate the effectiveness of their information security programs periodically throughout the year, rather than simply conduct an annual review, according to guidance the Office of Management and Budget plans to release next month.

The guidance will highlight new requirements set out under the latest security legislation, the Federal Information Security Management Act (FISMA) of 2002, which was passed last December as part of the E-Government Act of 2002.

Because of the similarities between FISMA and its predecessor, the Government Information Security Reform Act (GISRA) of 2000, the new guidance is designed to make sure agencies understand all the little changes, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs. She was speaking March 12 at a meeting of the Information Security and Privacy Advisory Board.

The increased frequency of self-evaluation is one change agencies may be concerned about. It will be difficult for agencies to balance their requirements against the scarce resources and funding in the security arena, board members said. But the National Institute of Standards and Technology is developing guidance now to help agencies determine the most efficient way to do this, said Ron Ross, program manager of the system certification and accreditation program in NIST's Computer Security Division.

OMB's new guidance also will expand on the performance measures first included in last year's GISRA, which included such metrics as how many systems have undergone certification and accreditation.


  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected