Russell Vought, director of the Office of Management and Budget (OMB), has issued a memo detailing reporting requirements and deadlines for agencies in fiscal year 2021 in compliance with the Federal Information Security Modernization Act (FISMA) of 2014.
Vought said in the Nov. 9 memo that the updated FISMA guidance directs agencies to report to OMB the status of their data security programs and requires inspectors general to carry out independent reviews of those programs on an annual basis.
“At a minimum, Chief Financial Officer (CFO) Act agencies must update their CIO Metrics quarterly and non-CFO Act agencies must update their CIO metrics on a semiannual basis,” the memo reads.
The document requires senior agency officials for privacy to report annually and submit documents separately via CyberScope. Those documents include an agency’s privacy program plan, breach response plan and privacy continuous monitoring strategy.
For the Continuous Diagnostics and Mitigation (CDM) program, the memo states that the Cybersecurity and Infrastructure Security Agency (CISA) “will maintain a fully operational Federal Dashboard to provide, in aggregate, situational awareness of the Federal Government's overall cybersecurity posture.”
The CDM program management office and non-CFO Act agencies will collaborate to set up information exchange between the federal dashboard and their dashboards by the end of the fourth quarter of FY 2021, according to the memo.