OMB to standardize FISMA guidance

OMB FISMA guidance for 2003

Related Links

Office of Management and Budget officials are working to standardize information security guidance to avoid releasing all new guidance each year, an official said today.

In the next couple of months, OMB officials expect to modify guidelines for agencies on the Federal Information Security Management Act (FISMA) of 2002 and rely on addendums for new information each year, said Kamela White, security policy analyst at the Information Technology Policy Branch of OMB's Office of Information and Regulatory Affairs.

"There won't be new OMB guidance each year," White said, speaking today at an event sponsored by the Potomac Forum Ltd. and ICG Government. "Rather, where necessary, we'll simply make additions."

OMB officials tell agencies how to comply with FISMA policies. Agencies are required to track and fix security vulnerabilities, and report regularly to OMB.

OMB officials also plan to stop requiring agencies to submit full action plans and milestones on every system twice a year. Instead, OMB will rely on quarterly updates on security matters provided by agencies and included in the president's management agenda scorecard, White said.

Agency inspector generals work closely in reviewing agency remediation processes for fixing security gaps, she said. OMB officials will still be able to request action plans and milestones from agencies on major systems when needed.

"Rather than have agencies focus on submitting all those plans to OMB, [OMB will] rely on the quarterly updates," White said. "We're cutting down on the reporting requirement for you."

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.