Guidance drafted on security reports

The Office of Management and Budget is circulating draft guidance on what agencies should include in the annual reports they must produce under the Government Information Security Reform Act.

The act, passed in October 2000 as part of the fiscal 2001 Defense Authorization Act, is intended to foster good security practices within civilian and national security agencies. It requires chief information officers and inspectors general to perform vulnerability assessments on their agencies' security programs and practices.

OMB issued general guidance in January on the approach that agency program managers and IGs should take on the assessments. But now, OMB is providing a draft of guidance that details exactly what information should be included in the reports. In the draft guidance, which is not available online, OMB asks agencies for:

  • An executive summary from the agency head on how the agency is implementing GISRA. The summary should combine information from the agency CIO and the agency IG, and it will form the basis of OMB's summary to Congress.
  • Details about the agencies' annual program reviews and evaluations. Agencies will provide details on every program and system by answering 11 questions that range from identifying funding to describing the performance measures used by program managers and CIOs.

Agencies' reports on their security evaluations are due to OMB by September. OMB will compile the reports and submit a governmentwide report to Congress. Congress in turn will use the reports to determine whether an agency is adequately protecting the systems that support its services to employees and citizens.

By Oct. 30, agencies must report to OMB the strategies, milestones and obstacles involved in addressing any security weaknesses found in the assessments.
