OMB hopes to incorporate new security measures into the regulation by March 2003
The Office of Management and Budget has set March 2003 as the target date for incorporating the Government Information Security Reform Act into the regulation that outlines the policies for managing information technology within federal agencies.
The proposed revision to Circular A-130 to include the GISRA requirements is scheduled to be available in September for comment, with the final revision to be issued in March. OMB announced its plans in its semi-annual regulatory agenda, released May 13 in the Federal Register.
Agency, administration and congressional leaders have cited the GISRA requirements — including annual self and independent assessments and an annual report to OMB on the state of each agency's security management practices — as valuable resources in improving agency security. GISRA sunsets at the end of this fiscal year, but several members of Congress are working to extend its authority.
OMB had been planning on incorporating GISRA provisions into A-130 since the law was passed two years ago. The latest revisions of A-130, finalized in 2000, incorporated the Clinger-Cohen Act of 1996 and the Government Paperwork Elimination Act of 1998. Clinger-Cohen is the law that created the chief information officer position in federal agencies and mandates many commercial-style practices for information management and investment. GPEA requires that agencies make as many services as possible available online by October 2003.
NEXT STORY: Officials: Lack of trust undermines security