OMB Sets Agency Deadlines To Strengthen Cybersecurity - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
08:00 AM

OMB Sets Agency Deadlines To Strengthen Cybersecurity

The Obama administration issues new guidelines for continuous monitoring programs to bolster information security.

The Office of Management and Budget (OMB) has directed the heads of all federal departments and agencies to implement measures to safeguard federal information systems and the information they process and store.

Among other measures, the OMB has made cybersecurity one of 14 cross-agency performance priority goals that agencies are responsible for achieving. And the memo to federal agencies provides guidelines for managing information security risks through continuous monitoring processes established by the National Institute of Standards and Technology.

OMB Director Sylvia Burwell said in the memo that all agencies must establish information security continuous monitoring (ISCM) programs that help them manage security risks and address how they authorize information systems (and the environments in which they operate) on an ongoing basis. "All strategies must address the agencies' plans for transitioning to and maintaining consistency with federal information security policies, standards, and guidelines."

To firm up the nation's cybersecurity approach, Burwell also directed agencies to develop plans in coordination with the Department of Homeland Security (DHS).

Another critical component of the OMB's initiative to fully implement ISCM across the government is a push for standardization. Burwell said ISCM must become an "agency-wide solution" for deploying products and services. Under the DHS Continuous Diagnostics and Mitigation (CDM) Program, federal, state, and local governments can deploy a basic set of capabilities for continuous monitoring as part of a blanket purchase agreement (BPA).

[What agencies also need to know about cybersecurity for the cloud: Read Q&A: FedRAMP Director Discusses Cloud Security Innovation]

In August, the General Services Administration and the DHS awarded a BPA to 17 vendors that supply hardware and software for implementing continuous-monitoring-as-a-service. The contract provides a "consistent, government-wide set of information security continuous monitoring tools to enhance the federal government's ability to identify and respond, in real-time or near real-time, to the risk of emerging cyber threats," Burwell said.

The memo set deadlines of Feb. 28, 2014, for agencies to develop their ISCM strategy and April 30, 2014, for naming specific individuals who will manage ISCM programs. Agencies are also required to verify by May 30, 2014, that all information systems are authorized to operate according to federal requirements before deploying their continuous monitoring initiatives. Those initiatives are part of a broader effort to make continuous monitoring central to agency information security controls by fiscal year 2017.

The DHS is tasked with training agency managers on how to implement ISCM. It will also provide contract support to agencies that obtain ISCM services through the CDM Program, the memo said. The initial suite of products available under the BPA covers hardware asset management, software asset management (such as malware management), configuration setting management, and common vulnerability management. The suite will expand to cover additional capabilities.

"By strengthening the underlying information technology infrastructure through the application of state-of-the-art architectural and engineering solutions, agencies can improve the effectiveness of the safeguards and countermeasures protecting federal information," Burwell said.

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters. Also in the Great Email Migration issue of InformationWeek Government: Lessons from a successful government data site (free registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Chuck Brooks
Chuck Brooks,
User Rank: Author
11/26/2013 | 1:13:48 PM
Because of the vulnerability to networks and systems, deadlines are critical. It is good to see OMB and DHS proactive on strengthening cybersecurity. Also, their role in promoting collaboration with the private sector is the right step.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll