Office of Management and Budget
Executive Office of the President
  Site Search     
About OMB  
- Organization Chart
- Contact OMB
President's Budget
- Budget Documents
- Supplementals, Budget Amendments, and Releases
Federal Management
- President's Management Agenda
- Office of Federal Financial
-- Agency Audits
- Office of Federal Procurement
  -- CAS Board
-- FAIR Act Inventory
Office of Information and Regulatory Affairs
- OIRA Administrator
- Regulatory Matters
- Paperwork Requirements
- Statistical Programs & Standards
- Information Policy, IT & E-Gov
Communications & Media
- News Releases
- Speeches
Legislative Information
- Statements of Administration Policy (SAPs)
- Testimony
- Reports to Congress
Information for Agencies
- Circulars
- Memoranda
- Bulletins
- Pivacy Guidance
- Grants Management
- Reports
Site Map
First Gov  

March 1, 2008
Contact: OMB Communications, 202-395-7254


Washington, DC — Today, the Office of Management and Budget (OMB) transmitted to Congress its Fiscal Year 2007 Federal Information Security Management Act (FISMA) Report. The FISMA report contains the results of information security and privacy performance metrics reported by agency Chief Information Officers, Inspectors General, and Chief Privacy Officers and allows agencies a better understanding of the security of their systems and the information to hold agency managers accountable for resolving any identified deficiencies.

Agencies have demonstrated sustained progress in meeting the Federal goal toward securing 100 percent of operational systems. In FY 2007, 92 percent of all systems operated with complete Certification and Authentication (C&A), and 86 percent of all systems operated with tested contingency plans. In addition, 95 percent of all systems operate with security controls tested within the last year.

On data security metrics, 84 percent of systems requiring a Privacy Impact Assessment (PIA), met the publicly posted requirement. PIAs ensure agencies consider privacy concerns and incorporate mitigating measures into the development and operation of the system. 83 percent of systems requiring a System of Records Notice (SORN) met the publicly posted requirement. SORNs ensure agencies provide the public with sufficient notice and opportunity to comment on the use and disclosure of individual records.

“We saw a significant improvement in agencies’ C&As performance, and contingency and controls testing,” said E-Government Administrator, Karen Evans. “In 2007, 92 percent of IT systems operated with completed security accreditations, an increase from 47 percent reported in 2002. Agencies tested security controls for 95 percent of all systems in operation. In the meantime, we will continue to work towards securing 100 percent of operational systems.”

The annual FISMA report is available on OMB’s web site