FEDweek IT

OMB has issued a memo identifying current information security priorities and providing agencies with fiscal 2014 – 2015 FISMA and privacy management reporting guidance and deadlines, including a list of what agencies must provide by a November 14 reporting deadline.

The memo emphasizes and provides guidance on new initiatives that OMB and DHS, in coordination with National Security Council staff and in collaboration with NIST and other agencies, have developed within the previous year.

For example, OMB’s memo on the continuous diagnostics and mitigation program (M-14-03) requires agencies to assess information security risks on an ongoing basis and provides a central blanket purchase agreement for use by federal agencies and state, local, and tribal governments to procure a standard set of cybersecurity tools and services to improve the monitoring and defense of their networks.

M-14-03 also requires agencies to develop an information security continuous monitoring (ISCM) strategy, which is due to OMB via CyberScope by November 14, 2014.

Federal agencies must assess their information security capabilities against enhanced FISMA metrics at the beginning of fiscal 2015. The enhanced metrics add new outcome-oriented metrics, including anti-phishing and malware defense metrics, to complement the existing compliance-oriented metrics.

OMB and NSC have updated the cybersecurity cross-agency performance (CAP) goal to include anti-phishing and malware defense as an additional priority area, citing a significant growth in phishing attacks in recent months.