OMB has issued a memo with fiscal 2013 reporting instructions under the Federal Information Security Management Act of 2002, as well as reporting instructions for agency privacy management programs.
According to OMB memo M-14-04, CIO Council member agencies are required to:
– Submit data from their automated security management tools into CyberScope on a monthly basis for a limited number of data elements;
– Respond to security posture questions on a quarterly/annual basis; and
– Participate in CyberStat accountability sessions and agency interviews (equipped with reporting results from CyberScope and agencies’ action plans, DHS, along with the OMB and the White House, will continue to conduct CyberStat reviews of selected agencies).
As part of the annual report, senior agency officials for privacy are to submit through CyberScope: a description of the agency’s privacy training for employees and contractors; breach notification policy; progress update on eliminating unnecessary use of Social Security numbers; and progress update on the review and reduction of holdings of personally identifiable information.
