Keep It Concrete, Ad Groups Urge FTC

From: Lexology

Richard P. Lawson | Manatt Phelps & Phillips LLP

Vulnerabilities Equities Policy and Process for the United States Government [Charter]

Editor’s Note: The explanatory White House Blog post about the VEP is available here.

From: The White House

1. Purpose

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.

OMB Memorandum M-18-02 FY 2017-2018 Guidance on Federal Information Security and Privacy Management Requirements

Editor’s Note: The complete OMB memorandum is available here. Below is an excerpt.

From: OMB Memorandum M-18-02, October 16, 2017

Purpose

This memorandum provides agencies with Fiscal Year (FY) 2017-2018 Federal Information Security Modernization Act of 2014 (FISMA) reporting guidance and deadlines. FISMA requires the Office of Management and Budget (OMB) to oversee agency information security policies and practices. This memorandum describes the processes for Federal agencies to report to OMB and, where applicable, the Department of Homeland Security (DHS). This memorandum does not apply to national security systems or intelligence community systems, although both communities may leverage the document to inform their management processes.

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

From: The White House

EXECUTIVE ORDER

– – – – – – –

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

By the authority vested in me as President by the Constitution and the laws of the United States of America, and to protect American innovation and values, it is hereby ordered as follows:

Section 1.  Cybersecurity of Federal Networks.

OIRA Reiterates: The Data Quality Act “applies to all information disseminated from Federal websites”

Editor’s Note: Memorandum M-17-06, Policies for Federal Agency Public Websites and Digital Services, signed by the Director of OMB, the Administrator of OIRA, and the Federal CIO is available here. Below is an excerpt. Cross-posted from OIRA Watch.

From: The White House

11. Ensure Information Quality and Accuracy

The Internet enables agencies to communicate information quickly and easily to a wide audience, which, while of great benefit to society, also increases the potential harm that can result from disseminating incorrect information. Taking this into account, information disseminated from Federal Government websites and digital services, or from third-party services on behalf of the Government, is expected to be authoritative and reliable.

Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software

Editor’s Note: The complete OMB Memorandum M-16-21 is available here. Below is an excerpt.

From: Office of Management and Budget | Memorandum M-16-21

By Tony Scott, United States Chief Information Officer and Anne E. Rung, United States Chief Acquisition Officer

1. Objectives

This policy will accomplish the following objectives:

• Provide a policy to agencies on considerations that must be made prior to acquiring any custom-developed code;

• Require agencies to obtain appropriate Government data rights to custom-developed code, including at a minimum, rights to Government-wide reuse and rights to modify the code. Agencies shall make such custom-developed code broadly available across the Federal Government, subject to limited exceptions;

Annex for Presidential Policy Directive 41 — United States Cyber Incident Coordination

SUBJECT:  Federal Government Coordination Architecture for Significant Cyber Incidents

I.   Scope

This annex to PPD-41, United States Cyber Incident Coordination Policy, provides further details concerning the Federal Government coordination architecture for significant cyber incidents and prescribes certain implementation tasks.

II.  Coordination Architecture

Managing Federal Information as a Strategic Resource

From: The White House

by Tony Scott, Howard Shelanski, Anne Rung, Marc Groman

Summary:  Today, OMB is releasing an update to Circular A-130, the Federal Government’s governing document for the management of Federal information resources.

Today the Office of Management and Budget (OMB) is releasing an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource.

Presidential Policy Directive — United States Cyber Incident Coordination

PRESIDENTIAL POLICY DIRECTIVE/PPD-41

SUBJECT: United States Cyber Incident Coordination

The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased the Nation’s economic prosperity. However, the same infrastructure that enables these benefits is vulnerable to malicious activity, malfunction, human error, and acts of nature, placing the Nation and its people at risk. Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad.

OMB Memorandum M-05-24: Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors

Editor’s Note: A pdf of the complete Memorandum including the attachments is available here.

From: Executive Office of the President | The Office of Management and Budget

M-05-24

August 5, 2005

MEMORANDUM FOR THE HEADS OF ALL DEPARTMENTS AND AGENCIES

FROM: Joshua B. Bolten, Director

SUBJECT: Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors

On August 27, 2004, the President signed HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors” (the Directive). The Directive requires the development and agency implementation of a mandatory, government-wide standard for secure and reliable forms of identification for Federal employees and contractors. As required by the Directive, the Department of Commerce issued Federal Information Processing Standard 201 (the Standard). This memorandum provides implementing instructions for the Directive and the Standard.