Agencies are making progress in security, OMB says

Agencies are making progress in security, OMB says

The Office of Management and Budget gave a sneak preview today of its second annual report to Congress on the state of agencies' IT security.

'We made progress across the government,' said Kamela White, a senior policy analyst in OMB's Information Policy and Technology Branch. But 'in some cases, although the numbers are heading in the right direction, they are still low. There are hundreds of millions of dollars in IT investments that OMB considers at-risk if [their security] problems are not corrected by the end of the fiscal year.'

OMB may cut off funding for these programs. 'We will focus for the rest of the year on remediation,' she said.

The OMB report, due to Congress in several weeks, is required under the Government Information Security Reform Act, which was renewed last year by the Federal Information Security Management Act.

The law requires agencies to report to OMB each year on the security and certification of critical IT systems. It also calls for agencies to integrate security spending into lifecycle planning for new systems.

White said most agencies spend 5 percent to 10 percent of their IT budgets on security. But 'there is no relationship between the amount of money spent in IT security and performance,' she said.

She said agencies with robust capital planning processes tend to do better on security.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.