New OMB FISMA Guidance Keys on Cyber EO, Testing, Automation, CDM – MeriTalk

The Office of Management and Budget (OMB) on December 6 issued new Federal Information Security Management Act (FISMA) guidance to Federal agencies for Fiscal Years 2021-2022 that promotes agency action on several items in the Biden administration’s Cybersecurity Executive Order issued in May, and that also aligns with aspects of current Senate legislation on FISMA reform.

OMB’s new guidance supersedes previous FISMA and Cyber EO reporting guidance issued in memoranda M-21-02 and M-17-25. The agency said the guidance does not apply to “national security systems,” although OMB said, “agencies are encouraged to leverage the document to inform agency national security system management processes.”

“Recognizing that the current threat landscape requires agencies to be laser-focused on critical security measures called for by this administration, OMB has retooled its annual guidance to agencies on operating and measuring the success of their security and privacy posture,” an OMB official said.

The FISMA guidance updates, the official said, are intended to “help agencies focus less on compliance-based activities, and spend more time measuring information that is…
