The Office of Management and Budget has released a memorandum that requires federal civilian agencies to submit their annual Federal Information Security Modernization Act reports to OMB and the Department of Homeland Security by March 1, 2018, MeriTalk reported Wednesday.
Agencies should also file their FISMA reports with the Government Accountability Office and Congress, OMB Director Mick Mulvaney wrote in the memo published Monday.
The document directs agency heads to submit letters to the OMB chief and the DHS secretary that include a detailed assessment of their organization’s data security policies and practices; the number of cyber incidents reported through DHS’ U.S. Computer Emergency Readiness Team Incident Reporting System; and a description of each incident that includes vulnerabilities and threats.
Agencies should also report through the CyberScope online platform their breach response plans; privacy plans; continuous monitoring strategies for privacy; and written policies to justify that any new effort to collect Social Security numbers is needed.
The memo also requires agencies to inform inspectors general and Congress of any cyber breach within seven days through reports that contain information on threat actors, risk assessments performed on affected data infrastructure and remediation measures.