For Immediate Release (Text Only)

OMB
Home

Office of Management and Budget

White House
Home

Executive Office of the President

Site Search

About OMB
-	Organization Chart
-	Contact OMB

President's Budget
-	Budget Documents
-	Supplementals, Budget Amendments, and Releases

Federal Management
-	President's Management Agenda
-	Office of Federal Financial Management
	-- Agency Audits
-	Office of Federal Procurement Policy
	-- CAS Board
	-- FAIR Act Inventory

Office of Information and Regulatory Affairs
-	OIRA Administrator
-	Regulatory Matters
-	Paperwork Requirements
-	Statistical Programs & Standards
-	Information Policy, IT & E-Gov

Communications & Media
-	News Releases
-	Speeches

Legislative Information
-	Statements of Administration Policy (SAPs)
-	Testimony
-	Reports to Congress

Information for Agencies
-	Circulars
-	Memoranda
-	Bulletins
-	Pivacy Guidance
-	Grants Management
-	Reports

Site Map
First Gov
eGov

FOR IMMEDIATE RELEASE
March 1, 2008
Contact: OMB Communications, 202-395-7254

ANNUAL FEDERAL SECURITY INFORMATION ACT
REPORT SHOWS AGENCY IMPROVEMENTS
IN SECURING IT SYSTEMS

Washington, DC — Today, the Office of Management and Budget (OMB) transmitted to Congress its Fiscal Year 2007 Federal Information Security Management Act (FISMA) Report. The FISMA report contains the results of information security and privacy performance metrics reported by agency Chief Information Officers, Inspectors General, and Chief Privacy Officers and allows agencies a better understanding of the security of their systems and the information to hold agency managers accountable for resolving any identified deficiencies.

Agencies have demonstrated sustained progress in meeting the Federal goal toward securing 100 percent of operational systems. In FY 2007, 92 percent of all systems operated with complete Certification and Authentication (C&A), and 86 percent of all systems operated with tested contingency plans. In addition, 95 percent of all systems operate with security controls tested within the last year.

On data security metrics, 84 percent of systems requiring a Privacy Impact Assessment (PIA), met the publicly posted requirement. PIAs ensure agencies consider privacy concerns and incorporate mitigating measures into the development and operation of the system. 83 percent of systems requiring a System of Records Notice (SORN) met the publicly posted requirement. SORNs ensure agencies provide the public with sufficient notice and opportunity to comment on the use and disclosure of individual records.

“We saw a significant improvement in agencies’ C&As performance, and contingency and controls testing,” said E-Government Administrator, Karen Evans. “In 2007, 92 percent of IT systems operated with completed security accreditations, an increase from 47 percent reported in 2002. Agencies tested security controls for 95 percent of all systems in operation. In the meantime, we will continue to work towards securing 100 percent of operational systems.”

The annual FISMA report is available on OMB’s web site www.omb.gov.

###