No security, no OMB money -- FCW

Starting with the fiscal 2002 budget, the Office of Management and Budget

will not pay for systems that have not adequately incorporated security

measures into their information systems.

In a Feb. 28 memorandum to agency heads, OMB Director Jacob Lew outlined

five principles to compel agencies to consider computer security and critical

infrastructure protection programs as they build systems.

Under the new policy, security must:

* Be tied to agencies' information architectures.

* Be well-planned by demonstrating that costs are included in life-cycle

planning systems.

* Manage risks by demonstrating that specific methods and controls are

in place.

* Protect privacy and confidentiality by using security controls and

authentication tools for public access that adheres to government and agency

policies.

* Account for departures from security guidance from the National Institute

of Standards and Technology, the agency designated as the lead for non-national

security applications.

"In general, OMB will consider new or continued funding only for those

system investments that satisfy these criteria and will consider funding

information technology investments only upon demonstration that existing

agency systems meet these criteria," the memo states.

Cybersecurity

Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.
IT Modernization

VA plans 'strategic review' of $16B software program

New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.