OMB
Issues First Annual Report on Federal Information
Technology Security
Washington,
DC -- The Office of Management and Budget released today the first
annual report to Congress on the state of Information Technology (IT)
security at the twenty-four largest federal departments and agencies.
The report, mandated under the Government Information Security Reform
Act of 2000, requires all federal agencies to conduct annual security
reviews and report the results to OMB.
The report
reflects the findings of agencies’ CIOs and Inspectors General’s
offices as of September 2001. The collected information focuses on overall
program performance and not complex technologies. Mark Forman, OMB’s
Associate Director for Information Technology and Electronic Government
said, "OMB has taken an integrated approach to ensure security issues
are addressed and this report is a benchmark against which OMB and the
agencies can monitor performance improvements."
The report
identifies six common weaknesses in program performance and describes
the actions both OMB and the agencies are implementing to improve IT security.
Agencies are required to: 1) increase senior management attention
to security; 2) establish security performance measures for agency
managers; 3) improve security education and awareness; 4) integrate
security into agency capital planning and investment control processes;
5) improve the security of contractor services; and 6) improve their
ability to detect attacks and share that information with other agencies.
The report
also highlights IT security spending by the federal government. For FY
2002, the federal government will spend $2.7 billion on IT security, and
OMB estimates IT security investments for FY 2003 will increase to $4.2 billion.
