Security remediation guide in works

GISRA guidelines 2002

The Office of Management and Budget is working on guidelines that will help agencies track and fix information security vulnerabilities.

OMB has led the charge to scrutinize agencies' information technology security strategies: It led the review of security assessments that agencies filed in compliance with the Government Information Security Reform Act (GISRA) of 2000, and it set out guidance for agencies to comply with the Federal Information Security Management Act of 2002.

The next step is to focus on security remediation, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs.

OMB will provide "clear requirements for remediation" so agencies can devise strategies to ensure that security weaknesses are eliminated, White said. She was speaking March 27 at a forum hosted by the Information Technology Association of America (ITAA) on the need for a government/industry partnership to secure cyberspace.

Security remediation involves quantifying and fixing vulnerabilities, and then hardening any hardware or software against future attacks, break-ins or other security issues.

OMB received help from officials in the Information Analysis and Infrastructure Protection Directorate at the Homeland Security Department (DHS), according to Sallie McDonald, who oversees the Federal Computer Incident Response Center at DHS. DHS officials provided information and language to OMB on guidance covering what steps to take on the cybersecurity side of infrastructure protection, McDonald told Federal Computer Week last week.

OMB expects to release the final report to Congress under GISRA within the next few weeks, Mark Forman, OMB's assistant director for IT and e-government, said at a House hearing March 26. That report will include an overview of what security issues agencies discovered and what plans are in place to address those issues.

Diane Frank contributed to the article.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.