No security, no OMB money

Starting with the fiscal 2002 budget, the Office of Management and Budget will not pay for systems that have not adequately incorporated security measures into their information systems.

In a Feb. 28 memorandum to agency heads, OMB Director Jacob Lew outlined five principles to compel agencies to consider computer security and critical infrastructure protection programs as they build systems.

Under the new policy, security must:

* Be tied to agencies' information architectures.

* Be well-planned by demonstrating that costs are included in life-cycle planning systems.

* Manage risks by demonstrating that specific methods and controls are in place.

* Protect privacy and confidentiality by using security controls and authentication tools for public access that adhere to government and agency policies.

* Account for departures from security guidance from the National Institute of Standards and Technology, the agency designated as the lead for non-national security applications.

"In general, OMB will consider new or continued funding only for those system investments that satisfy these criteria and will consider funding information technology investments only upon demonstration that existing agency systems meet these criteria," the memo states.
