OMB Memorandum M-18-02 FY 2017-2018 Guidance on Federal Information Security and Privacy Management Requirements

Editor’s Note: The complete OMB memorandum is available here. Below is an excerpt.

From: OMB Memorandum M-18-02, October 16, 2017


This memorandum provides agencies with Fiscal Year (FY) 2017-2018 Federal Information Security Modernization Act of 2014 (FISMA) reporting guidance and deadlines. FISMA requires the Office of Management and Budget (OMB) to oversee agency information security policies and practices. This memorandum describes the processes for Federal agencies to report to OMB and, where applicable, the Department of Homeland Security (DHS). This memorandum does not apply to national security systems or intelligence community systems, although both communities may leverage the document to inform their management processes.


Section I of this memorandum describes Information Security Program Oversight and FISMA Reporting Requirements and includes deadlines for all Federal agencies’ quarterly and annual FISMA metrics. These reporting requirements also fulfill the requirement for agencies to conduct regular risk management assessments established in Executive Order (EO) 13800 “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” Section II describes continuing Incident Reporting Guidelines, including the requirements maintained from the rescinded M-15-01, M-16-03, and M-17-05.

Section I: Information Security Program Oversight and FISMA Reporting Requirements

I. Reporting to OMB and DHS

Read Complete OMB Memorandum M-18-02
