Security remediation guide in works

GISRA guidelines 2002

The Office of Management and Budget is working on guidelines that will help agencies track and fix information security vulnerabilities.

OMB has led the charge to scrutinize agencies' information technology security strategies: It led the review of security assessments that agencies filed in compliance with the Government Information Security Reform Act (GISRA) of 2000, and it set out guidance for agencies to comply with the Federal Information Security Management Act of 2002.

The next step is to focus on security remediation, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs.

OMB will provide "clear requirements for remediation" so agencies can devise strategies to ensure that security weaknesses are eliminated, White said. She was speaking March 27 at a forum hosted by the Information Technology Association of America (ITAA) on the need for a government/industry partnership to secure cyberspace.

Security remediation involves quantifying and fixing vulnerabilities, and then hardening any hardware or software against future attacks, break-ins or other security issues.

OMB received help from officials in the Information Analysis and Infrastructure Protection Directorate at the Homeland Security Department (DHS), according to Sallie McDonald, who oversees the Federal Computer Incident Response Center at DHS. DHS officials provided information and language to OMB on guidance covering what steps to take on the cybersecurity side of infrastructure protection, McDonald told Federal Computer Week last week.

OMB expects to release the final report to Congress under GISRA within the next few weeks, Mark Forman, OMB's assistant director for IT and e-government, said at a House hearing March 26. That report will include an overview of what security issues agencies discovered and what plans are in place to address those issues.

Diane Frank contributed to the article.


  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected