OMB to require more reviews

2002 OMB GISRA guidance

Agencies must evaluate the effectiveness of their information security programs periodically throughout the year, rather than simply conduct an annual review, according to guidance the Office of Management and Budget plans to release next month.

The guidance will highlight new requirements set out under the latest security legislation, the Federal Information Security Management Act (FISMA) of 2002, which was passed last December as part of the E-Government Act of 2002.

Because of the similarities between FISMA and its predecessor, the Government Information Security Reform Act (GISRA) of 2000, the new guidance is designed to make sure agencies understand all the little changes, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs. She was speaking March 12 at a meeting of the Information Security and Privacy Advisory Board.

The increased frequency of self-evaluation is one change agencies may be concerned about. It will be difficult for agencies to balance their requirements against the scarce resources and funding in the security arena, board members said. But the National Institute of Standards and Technology is developing guidance now to help agencies determine the most efficient way to do this, said Ron Ross, program manager of the system certification and accreditation program in NIST's Computer Security Division.

OMB's new guidance also will expand on the performance measures first included in last year's GISRA, which included such metrics as how many systems have undergone certification and accreditation.

