OMB Policy 7: Implement Security Controls
Policy:
- Your agency is already required to implement security policies in OMB Circular A-130, Appendix III; OMB memorandum M-04-25, "Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting"; National Institute of Standards and Technology (NIST) Special Publication 800-44, "Guidelines on Securing Public Web Servers"; and other associated guidance from NIST. For additional information see:
- http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
- http://csrc.nist.gov/policies/FISMA-final.pdf
(PDF, 62.5 KB, 2002, requires Adobe Acrobat Reader) - http://www.whitehouse.gov/omb/memoranda/fy04/m04-25.pdf
(PDF, 269 KB, Aug 2004, requires Adobe Acrobat Reader) - http://csrc.nist.gov/publications/nistpubs/800-44/sp800-44.pdf
(PDF, 2.13 MB, Sept 2002, requires Adobe Acrobat Reader)
- Your agency is already required to provide adequate security controls to ensure information is resistant to tampering to preserve accuracy, remains confidential as necessary, and the information or service is available as intended by the agency and expected by users. Agencies must also implement management controls to prevent the inappropriate disclosure of sensitive information.
From OMB Policies for Federal Agency Public Websites
(PDF, 55 KB, Dec 2004, requires Adobe Acrobat Reader)
Implementation Guidance
Supporting Documents
- OMB Circular A-130, Appendix III
- OMB Memorandum M-04-25, "Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting"
(PDF, 269 KB, Aug 2004, requires Adobe Acrobat Reader) - National Institute of Standards and Technology Special Publication 800-44, "Guidelines on Securing Public Web Servers"
(PDF, 2.13 MB, Sept 2002, requires Adobe Acrobat Reader) - Federal Information Security Management Act of 2002 (FISMA)
(PDF, 62.5 KB, 2002, requires Adobe Acrobat Reader)
Content Lead: Sheila Campbell and Rachel Flagg
Page Updated or Reviewed: March 10, 2008