According to the memo, OMB will continue to oversee agency information security practices, in accordance with the Federal Information Security Management Act of 2002.
It said DHS is to work with each agency to establish an ISCM implementation program that capitalizes on the processes established in the CONOPS and leverages, to the extent practicable, the BPA.
DHS, in consultation with OMB, must establish a federal dashboard for ISCM, which will provide a government-wide view of ISCM, as well as the technical specifications and guidance for agencies on the requirements for submitting information to this federal dashboard.
DHS, in coordination with OMB, must monitor the implementation of agencies' ISCM strategies and programs in conjunction with PortfolioStat (IT spending reviews) and through CyberStat (sessions with DHS to review an agency’s cyber security posture).
The Joint Continuous Monitoring Working Group, in coordination with stakeholders, must update the US Government Concept of Operations for Information Security Continuous Monitoring at least annually.
NIST further must issue additional guidance on conducting ongoing authorizations.

