OMB to require more reviews

2002 OMB GISRA guidance

Agencies must evaluate the effectiveness of their information security programs periodically throughout the year, rather than simply conduct an annual review, according to guidance the Office of Management and Budget plans to release next month.

The guidance will highlight new requirements set out under the latest security legislation, the Federal Information Security Management Act (FISMA) of 2002, which was passed last December as part of the E-Government Act of 2002.

Because of the similarities between FISMA and its predecessor, the Government Information Security Reform Act (GISRA) of 2000, the new guidance is designed to make sure agencies understand all the little changes, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs. She was speaking March 12 at a meeting of the Information Security and Privacy Advisory Board.

The increased frequency of self-evaluation is one change agencies may be concerned about. It will be difficult for agencies to balance their requirements against the scarce resources and funding in the security arena, board members said. But the National Institute of Standards and Technology is developing guidance now to help agencies determine the most efficient way to do this, said Ron Ross, program manager of the system certification and accreditation program in NIST's Computer Security Division.

OMB's new guidance also will expand on the performance measures first included in last year's GISRA, which included such metrics as how many systems have undergone certification and accreditation.

