Federal Manager's Daily Report

OMB has issued new guidance on reporting and deadline requirements under the 2014 Federal Information Security Modernization Act, in the process rescinding its own prior guidance.

Memo M-20-04 describes requirements under FISMA that agencies report on the status of their information security programs to OMB, that agency IGs annually assess those programs, and that OMB, DHS and IGs partner to develop metrics for that process.


It also addresses: privacy requirements and management of privacy risks, including reporting requirements for senior agency officials for privacy; requirements for reporting on cybersecurity incidents including what constitutes a major incident that requires additional disclosures, including reporting to Congress; and strengthening continuous diagnostic and mitigation capabilities.

OMB added that while the memo does not apply to national security systems, agencies are “encouraged to leverage the document to inform their management processes.”