OMB: Agencies are halfway to securing IT systems
- By Jason Miller
- Jan 28, 2004
The Office of Management and Budget is expecting a little more than 50 percent of all IT systems to be accredited and certified as secure when it releases its annual report to Congress in early summer, an administration official said.
Kamela White, an OMB senior policy analyst, said the patterns and trends are going in the right direction from what she has seen so far from agency and inspectors general reports that make up the administration's statement to the Hill.
Agencies fell short of OMB's deadline of certifying and accrediting 80 percent of all IT systems by December 2003. But the increase to just over half is a marked improvement from the 30 percent of all systems agencies certified last year, White said.
White would not offer further information about the security report because it has not been finalized.
To assist agencies in meeting the mark, OMB is finalizing agency guidance on how to implement the Federal Information Security Management Act. White said the document should be out by mid-March. OMB will give agencies about a week to comment on the draft guidance, which will be released early next month.
'We are standardizing the guidance,' she said during a conference yesterday on FISMA sponsored by ICG Government of Reston, Va., and the Potomac Forum Ltd. of Potomac, Md. 'We want to add the FISMA guidance to [OMB Circular] A-130 and then we will explore a number of areas in the circular to reflect FISMA and other security changes.'
White said the guidance will closely follow the FISMA law, but OMB will add more specifics when it comes to performance measures and making the IT security reporting date more consistent with the agency and their inspectors general.
'We see some common problems between the agency and IG reports,' White said. 'They define terms differently, for instance.'