OMB seeks security at the start

Fiscal 2001 GISRA report to Congress

Despite improvements in information security management, enough gaps remain for the Office of Management and Budget to ask industry to help federal agencies shore up budget requests that are likely to be turned back because of inadequate security provisions.

Speaking Nov. 5 at the Industry Advisory Council's Executive Leadership Conference in Hershey, Pa., Mark Forman, the nation's e-government chief, called on vendors to help agencies plan and design IT projects that include security from the start.

Starting in the Clinton administration with a February 2000 memorandum, OMB told agencies that the White House will not fund IT projects without "adequate" security measures, and the Bush administration has continued that commitment. Last year agencies identified the most fundamental problems from fiscal 2001 and detailed plans for how to fix them, but "there continue to be some lagging organizations," said Forman, associate director for information technology and e-government at OMB.

In September, agencies turned in their fiscal 2004 budget requests along with their second reports to OMB under the Government Information Security Reform Act of 2000. If the initial evaluation of the GISRA reports and agencies' budget requests are any indication, Forman said, OMB may have to again "force" agencies to include security by refusing some fiscal 2004 budget requests.

Forman told industry leaders at the conference not to be surprised if there is a large increase in the number of agencies looking for security certification and accreditation of their IT systems.