OMB unveils FISMA how-to

FY 2004 Reporting Instructions for the Federal Information Security Management Act

Office of Management and Budget officials this month released final instructions to federal agencies for filing mandatory reports on their systems security efforts in 2004.

The annual compliance reports, a requirement under the Federal Information Security Management Act, must be filed by Oct. 6, this year. The 28 pages of instructions include a reporting template and expanded definitions of terms and concepts associated with FISMA.

OMB Director Joshua Bolten noted in his instructions that all security requirements established by FISMA apply to all agencies, regardless of their size. The reporting requirements for small agencies, which OMB officials define as microagencies, are slimmed down, he said. But the actual security requirements are the same for all agencies. Microagencies are ones with fewer than 100 employees.

Any organization that operates, uses or simply has access to federal information systems must also comply with FISMA, Bolten reminded agency officials. Contractors, grantees, state and local governments, industry partners-none are exempted, the OMB guidelines state.

The new guidelines also give federal agencies a Sept. 15, 2005, deadline for categorizing their transactions systems according to recommended user-authentication levels published by the National Institute of Standards and Technology. The technical recommendations for verifying users' identities online appear in NIST Special Publication 800-63.

Featured

  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/Shutterstock.com)

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected