Report to recognize agencies' progress toward IT security
The Bush administration is readying a report that will recognize several government agencies for making tangible progress in their efforts to meet security goals for information technology, according to administration officials.
The White House Office of Management and Budget (OMB) is preparing to send Congress an annual report highlighting the status of those IT initiatives, OMB analysts told members of a National Institute of Standards and Technology advisory board on Wednesday. The report will be the last IT security review by OMB before it updates its guidelines and agency reporting requirements under new IT rules created under a recent e-government law.
Now in its third year of conducting security reviews for federal agencies, OMB is witnessing improvement in the arena, said Kamela White, a policy analyst at OMB's Office of Information and Regulatory Affairs (OIRA). "There is clearly government-wide progress happening," she told the Information Security and Privacy Advisory Board.
The number of agencies that are crafting detailed security plans and adopting contingency plans, for example, continues to climb, she said.
"But we're also seeing recurring problems," she noted. Those ongoing concerns will be highlighted in the report.
OIRA privacy analyst Eva Kleederman also updated the panel on several of her agency's initiatives to bolster privacy protection.
OMB has begun meeting with the component agencies of the Homeland Security Department to help them comply with privacy rules. Kleederman said OMB officials met in early January with representatives of those agencies to help "them focus on what they need to do" as they begin establishing "routine uses" for data that they normally would not share outside the agencies.
Additionally, she said, "we are working on developing some intergovernmental activities, discussion groups ... to advance privacy-related discussions and initiatives." But she noted that the initiative is just beginning.
OMB also is developing guidance for making privacy policies on federal Web sites "machine readable," as required by federal e-government law. Under such a directive, agencies would need to create a mechanism to allow Web users to choose whether to continue navigating the Web site after viewing the site's privacy policies.
Kleederman sought input from the advisory board on how OMB's guidelines could give citizens the chance to limit how the government treats their personal information.