OMB readies more security guidance

Defense Authorization Act

The Office of Management and Budget is planning to release more specific guidance on what agencies should include in their reports under the Government Information Security Reform Act.

Enacted in October as part of the 2001 Defense Authorization Act, GISRA outlines the information security management requirements for agencies, including an annual self-assessment and an independent assessment by each agency's inspector general.

Under GISRA, agencies must use these assessments to improve their security programs and practices. Reports on the assessments must also be turned over to OMB, which will then provide a summary report for Congress.

OMB issued its first guidance in January, outlining the roles of officials within agencies and suggesting that program officers and IGs coordinate their assessments to avoid duplication of effort and to ensure consistency.

The new guidance will provide more details about what agencies and IGs need to include in their reports to OMB, said Glenn Schlarman, a security policy analyst at OMB's Office of Information and Regulatory Affairs.

The guidance probably will direct program officials and IGs to providea two- to three-page executive summary because OMB will be going through more than 40 reports to summarize for Congress, and "we're going to be very busy," Schlarman said.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.