OMB POLICY STATEMENTS
Click to learn more.
OMB: Defining Security Reporting Policies
The OMB is being asked to clarify security reporting policies for minor systems by members of the federal Chief Information Security Officers Forum. The confusion stems from the Federal Information Security Management Act of 2002 (FISMA), of which OMB gave no examples of how to run minor systems. Common systems for all federal agencies under FISMA guidelines would be more efficient according to the memo.
"Without actual examples, there's always room for interpretation."
"FISMA is pretty clear on the major systems; it's all the other little cats and dogs, the minor systems," about which the rules are unclear.