OMB guides agencies to meet IT security law

The Office of Management and Budget yesterday set guidelines for agencies to report their progress in securing IT systems.

In a letter to agency executives, OMB director Joshua Bolten outlined how agencies should implement the Federal Information Security Management Act, which became law as a provision in the E-Government Act of 2002 last December.

OMB detailed steps in four sections of the memo that agency CIOs and inspectors general must follow in evaluating IT security. These sections include changes introduced by FISMA, reporting instructions, quarterly plans and performance updates, and definitions in law and policy in the guidance.

Bolten also said he wants to make sure agencies spend enough money and resources on IT security.

'I am directing my staff to work with your agency to ensure that system remediation plans are implemented and appropriate resources are identified through the budget process to resolve critical IT security weaknesses,' Bolten said.

Bolten also laid out the criteria for agencies to earn a green score on the stoplight scoring system the White House uses to grade agencies in meeting the President's Management Agenda.

Agencies will not improve their scores in e-government under the PMA unless they improve their scores in the security subsection first, Bolten said. OMB grades agencies quarterly on how they implement their security plans, he added.

To get to green, agencies must:

  • Demonstrate consistent progress in remediating IT security weaknesses

  • Have the IG verify there is a departmentwide IT plan

  • Have 90 percent of IT systems certified and accredited by the IG and by outside experts.

To get to yellow, agencies must:

  • Demonstrate consistent progress in remediating IT security weaknesses

  • Have the IG verify a departmentwide IT plan or have 80 percent of IT systems certified and accredited by the IG and outside experts.
