Measuring What Matters: Reducing Risk by Rethinking (Regulation 1)

Editor’s Note:  A major report from authored by Julie M. Anderson, Karen S. Evans, Franklin S. Reeder and Meghan M. Wareham is attached here.  The paper’s Recommendations to OMB are reprinted below.  The paper also includes a message from the National Academy of Public Administration.


To better secure information and improve information security evaluations across government, the report team recommends OMB direct the following policy changes:

1.   IGs should adopt the enhanced risk management framework and submit a FISMA Evaluation Plan to OMB by no later than May 2013;