OMB has issued guidance on compliance with the Federal Information Security Modernization Act, or FISMA, including an emphasis on consistent reporting of security incidents under policy from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
“The cybersecurity vulnerability and incident response procedures currently used to identify, remediate, and recover from vulnerabilities and incidents affecting agency systems vary across agencies. Standardized response processes ensure a more coordinated and centralized cataloging of incidents and agency progress toward successful responses,” says OMB memo M-22-05.
CISA, meanwhile, will perform a review of the Continuous Diagnostics and Mitigation (CDM) program “and incorporate lessons learned into a strategy to continue improving the program for FY22. This strategy will articulate challenges and opportunities for improving delivery, data quality, and support for automation.”
The memo also sets requirements and deadlines for reporting to OMB and DHS.