OMB to require more reviews

2002 OMB GISRA guidance

Agencies must evaluate the effectiveness of their information security programs periodically throughout the year, rather than simply conduct an annual review, according to guidance the Office of Management and Budget plans to release next month.

The guidance will highlight new requirements set out under the latest security legislation, the Federal Information Security Management Act (FISMA) of 2002, which was passed last December as part of the E-Government Act of 2002.

Because of the similarities between FISMA and its predecessor, the Government Information Security Reform Act (GISRA) of 2000, the new guidance is designed to make sure agencies understand all the little changes, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs. She was speaking March 12 at a meeting of the Information Security and Privacy Advisory Board.

The increased frequency of self-evaluation is one change agencies may be concerned about. It will be difficult for agencies to balance their requirements against the scarce resources and funding in the security arena, board members said. But the National Institute of Standards and Technology is developing guidance now to help agencies determine the most efficient way to do this, said Ron Ross, program manager of the system certification and accreditation program in NIST's Computer Security Division.

OMB's new guidance also will expand on the performance measures first included in last year's GISRA, such as how many systems have undergone certification and accreditation.

