Security remediation guide in works

GISRA guidelines 2002

The Office of Management and Budget is working on guidelines that will help agencies track and fix information security vulnerabilities.

OMB has led the charge to scrutinize agencies' information technology security strategies: It led the review of security assessments that agencies filed in compliance with the Government Information Security Reform Act (GISRA) of 2000, and it set out guidance for agencies to comply with the Federal Information Security Management Act of 2002.

The next step is to focus on security remediation, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs.

OMB will provide "clear requirements for remediation" so agencies can devise strategies to ensure that security weaknesses are eliminated, White said. She was speaking March 27 at a forum hosted by the Information Technology Association of America (ITAA) on the need for a government/industry partnership to secure cyberspace.

Security remediation involves quantifying and fixing vulnerabilities, and then hardening any hardware or software against future attacks, break-ins or other security issues.

OMB received help from officials in the Information Analysis and Infrastructure Protection Directorate at the Homeland Security Department (DHS), according to Sallie McDonald, who oversees the Federal Computer Incident Response Center at DHS. DHS officials provided information and language to OMB on guidance covering what steps to take on the cybersecurity side of infrastructure protection, McDonald told Federal Computer Week last week.

OMB expects to release the final report to Congress under GISRA within the next few weeks, Mark Forman, OMB's assistant director for IT and e-government, said at a House hearing March 26. That report will include an overview of what security issues agencies discovered and what plans are in place to address those issues.

Diane Frank contributed to the article.


  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.