Guidance out on security reports

The Office of Management and Budget is circulating draft guidance on what agencies should include in the annual reports they must produce under the Government Information Security Reform Act (GISRA).

The act, passed last October as part of the fiscal 2001 Defense Authorization Act, is intended to foster good security practices within civilian and national security agencies. It requires chief information officers and inspectors general to perform vulnerability assessments on their agencies' security programs and practices.

OMB officials issued general guidance in January explaining the approach that agency program managers and IGs should take on the assessments. Now the draft guidance details exactly what information should be included. OMB asks agencies for:

  • An executive summary from the agency head regarding how the agency is implementing GISRA. The summary should join information from the agency CIO and the agency IG, and form the basis of OMB's summary to Congress.

  • Details about the agencies' annual program reviews and evaluations. Agencies will provide details by answering 11 questions that range from identifying funding to describing the performance measures used by program managers and CIOs.

Agencies' reports are due to OMB by September.
