OMB has issued a Memorandum, M-11-29 – Chief Information Officer Authorities (attached below) which re-defines the “changing the role of Agency Chief Information Officers (CIOs) away from just policymaking and infrastructure maintenance, to encompass true portfolio management for all IT.”
Continuous monitoring was singled out in the two-page document as a key CIO mandate. In the memo, OMB Director Lew states that CIO security responsibilities:
will include well-designed, well-managed continuous monitoring and standardized risk assessment processes, to be supported by “CyberStat” sessions run by the Department ofHomeland Security to examine implementation. Taken together, continuous monitoring and CyberStats will provide essential, near real-time security status information to organizational officials and allow for the development of immediate remediation plans to address any vulnerabilities.”
OMB is also expanding the CIO Council’s role to “allow more effective development and management of shared services, cross-agency initiatives, and governmentwide policy.”
Leave a Reply