The Office of Management and Budget is requiring federal civilian agencies to submit their annual progress reports on Federal Information Security Management Act compliance by March 2, 2020.
OMB released a memo on Tuesday updating its FISMA guidance, which also directs inspectors general to facilitate yearly reviews of agency initiatives related to information security.
Under the legislation, chief information officers and chief information security officers must update their metrics for assessing system security every quarter. Civilian agencies must also submit security incident reports to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency along with relevant technical information.
DHS will be required to perform assessments of agencies’ internet-accessible systems and public-facing platforms as part of FISMA.
According to the memo, FISMA seeks to ensure that agency heads are “ultimately responsible for ensuring that their respective agencies maintain protections commensurate with the risk of harm of a compromise.”