OMB guides agencies to meet IT security law
- By Jason Miller
- Aug 07, 2003
The Office of Management and Budget yesterday set guidelines for agencies to report their progress in securing IT systems.
In a letter to agency executives, OMB director Joshua Bolten outlined how agencies should implement the Federal Information Security Management Act, which became law as a provision in the E-Government Act of 2002 last December.
OMB detailed steps in four sections of the memo that agency CIOs and inspectors general must follow in evaluating IT security. These sections include changes introduced by FISMA, reporting instructions, quarterly plans and performance updates, and definitions in law and policy in the guidance.
Bolten also said he wants to make sure agencies spend enough money and resources on IT security.
'I am directing my staff to work with your agency to ensure that system remediation plans are implemented and appropriate resources are identified through the budget process to resolve critical IT security weaknesses,' Bolten said.
Bolten also laid out the criteria for agencies to earn a green score on the stoplight scoring system the White House uses to grade agencies in meeting the President's Management Agenda.
Agencies will not improve their scores in e-government under the PMA unless they improve their scores in the security subsection first, Bolten said. OMB grades agencies quarterly on how they implement their security plans, he added.
To get to green, agencies must:
- Demonstrate consistent progress in remediating IT security weaknesses
- Have the IG verify there is a departmentwide IT plan
- Have 90 percent of IT systems certified and accredited by the IG and by outside experts.

To get to yellow, agencies must:
- Demonstrate consistent progress in remediating IT security weaknesses
- Have the IG verify a departmentwide IT plan or have 80 percent of IT systems certified and accredited by the IG and outside experts.