From: Government Security News

By: Jacob Goodwin

The Director of the Office of Management and Budget, Jacob Lew, issued a memorandum to all federal department and agency heads on August 8 that identifies four main areas of responsibility for chief information officers, including primary responsibility for overseeing their department’s information security program aimed at safeguarding both information and IT systems.

“Part of this program will include well-designed, well-managed continuous monitoring and standardized risk assessment processes, to be supported by ‘CyberStat’ sessions run by the Department of Homeland Security to examine implementation,” wrote Lew. “Taken together, continuous monitoring and CyberStat will provide essential, near real-time security status information to organizational officials and allow for the development of immediate remediation plans to address any vulnerabilities.”

Lew’s memorandum identified three other areas of responsibility for a department or agency CIO: driving the investment review process for the organization’s IT procurements, eliminating duplication in the department’s IT investments and improving the overall management of large federal IT projects.

“With responsibilities for these four areas,” said memorandum M-11-29, “Agency CIOs will be held accountable for lowering operational costs, terminating and turning around troubled projects, and delivering meaningful functionality at a faster rate while enhancing the security of information systems.”

The CyberStat review process is a DHS effort modeled after OMB’s “TechStat” process, which carefully examines IT performance issues.