Guidance out on security reports

Defense Authorization Act

The Office of Management and Budget is circulating draft guidance on what agencies should include in the annual reports they must produce under the Government Information Security Reform Act (GISRA).

The act, passed last October as part of the fiscal 2001 Defense Authorization Act, is intended to foster good security practices within civilian and national security agencies. It requires chief information officers and inspectors general to perform vulnerability assessments on their agencies' security programs and practices.

OMB officials issued general guidance in January explaining the approach that agency program managers and IGs should take on the assessments. The new draft guidance details exactly what information should be included. OMB asks agencies for:

• An executive summary from the agency head regarding how the agency is implementing GISRA. The summary should join information from the agency CIO and the agency IG, and form the basis of OMB's summary to Congress.

• Details about the agencies' annual program reviews and evaluations. Agencies will provide details by answering 11 questions that range from identifying funding to describing the performance measures used by program managers and CIOs.

Agencies' reports are due to OMB by September.
