OMB to standardize FISMA guidance

OMB FISMA guidance for 2003

Related Links

Office of Management and Budget officials are working to standardize information security guidance to avoid releasing all new guidance each year, an official said today.

In the next couple of months, OMB officials expect to modify guidelines for agencies on the Federal Information Security Management Act (FISMA) of 2002 and rely on addendums for new information each year, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs.

"There won't be new OMB guidance each year," White said, speaking today at an event sponsored by the Potomac Forum Ltd. and ICG Government. "Rather, where necessary, we'll simply make additions."

OMB officials tell agencies how to comply with FISMA policies. Agencies are required to track and fix security vulnerabilities, and report regularly to OMB.

OMB officials also plan to stop requiring agencies to submit full action plans and milestones on every system twice a year. Instead, OMB will rely on quarterly updates on security matters provided by agencies and included in the president's management agenda scorecard, White said.

Agency inspector generals work closely in reviewing agency remediation processes for fixing security gaps, she said. OMB officials will still be able to request action plans and milestones from agencies on major systems when needed.

"Rather than have agencies focus on submitting all those plans to OMB, [OMB will] rely on the quarterly updates," White said. "We're cutting down on the reporting requirement for you."

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.