Home / Technology / OMB Memo Asks Agencies to Send Monthly Continuous Monitoring Reports

OMB Memo Asks Agencies to Send Monthly Continuous Monitoring Reports

The Office of Management and Budget announced that agencies no longer need to do a three-year security reauthorization for information systems, Fierce Government IT reports.

Jeff Zients, OMB’s acting director, told agencies in a memo they should instead just enforce more frequent reporting of ongoing authorizations of information systems through continuous monitoring programs.

In the Oct. 2 memo, OMB said that agencies should submit monthly reports that follow the National Institute for Standards and Technology‘s guide on applying a risk management framework to information systems.

Zients noted that small and micro agencies are not required to send the monthly reports but are encouraged to do so.

The reports should also follow FISMA reporting guidance and be submitted to CyberScope every fifth day of the month, the memo said.

Agency chief information officers are required to respond to quarterly security posture questions while inspector generals will do so annually.

Continuous monitoring was part of a proposed update to the Federal Information Systems Management Act passed in April.

Check Also

Army Official: JEDI Does Not Preclude Other Cloud Initiatives

Maj. Gen. Garrett Yee, deputy chief information officer for the U.S. Army, has said that the Joint Enterprise Defense Infrastructure cloud contract does not preclude the implementation of other pilot cloud projects within the Defense Department. Yee made the remarks during a recent AFCEA luncheon, where Edward Siomacco, a deputy director at the Army’s G-4 headquarters, described a six-month trial commercial cloud effort being carried out by the Army Business Council, FCW reported Thursday.

Leave a Reply

Your email address will not be published. Required fields are marked *