Monday, September 28, 2009
Vivek Kundra (Federal CIO), Robert Carey (Navy CIO) and Vance Hitch (DOJ CIO)
The threats to our nation's information security continue to evolve and therefore our approach to cybersecurity must confront these new realities. In order to meet the evolving challenges we now face, Federal Information Security Management Act (FISMA) metrics need to be rationalized to focus on outcomes over compliance. Doing so will enable new and actionable insight into agencies' information and network security postures, possible vulnerabilities and the ability to better protect our federal systems.
With this in mind, we have established a taskforce to develop new metrics for information security performance for Federal agencies that are focused on outcomes. To solicit the best ideas, OMB has reached out across the Federal community, as well as to the private sector.
Participants in the taskforce include: the Federal CIO Council, the Council of Inspectors General on Integrity and Efficiency, the National Institute of Standards and Technology, the Department of Homeland Security, the Department of Defense, the Director of National Intelligence, the Government Accountability Office and the Information Security and Privacy Advisory Board.
The participants in the Security Metrics Taskforce held their inaugural meeting on September 17, 2009. OMB plans to have the taskforce develop a draft set of metrics for comment by the end of November.
The participants agreed that a new set of security metrics could move the agencies forward in securing their systems as "what gets measured, gets done." They discussed the various factors that will impact the development of new metrics, including:
- A trust but verify approach
- Fulfilling statutory requirements
- Real-time awareness of security posture
At the next meeting, the taskforce will begin developing potential metrics and we look forward to your input.
Friday, August 14, 2009
Vivek Kundra, Federal CIO
On August 7, CIOs from across the Federal government gathered to share their experiences using the IT Dashboard and to discuss how to effectively manage their agency portfolios. There was vigorous debate and lots of energy in the room – and a clear message emerged: the IT Dashboard provides a powerful new tool for agency CIOs to use. However, no tool can replace good management. Ultimately, accountability for the performance of agency IT investments rests with agency CIOs.
This perspective was echoed by speakers from the Office of Management & Budget, Congress, the Government Accountability Office (GAO), and the Inspector General communities.
Looking ahead, the CIO Council is sharing best practices that enable the effective management of our IT portfolio. Recommendations will be developed in key areas such as:
- Risk Management
- Requirements Management
- Contractor Oversight
- Historical Performance
Wednesday, August 5, 2009
Vivek Kundra, Federal CIO
We just reached an important milestone with respect to the Agency CIOs completing their reviews of the federal government’s major IT investments. On June 30, when we launched the IT Dashboard, just 20 percent of investments were evaluated. Today, 100 percent of the government’s IT investments have been evaluated.
In 1996, the Clinger-Cohen Act established agency CIOs and called on them to “monitor the performance of information technology programs of the agency, evaluate the performance of those programs on the basis of the applicable performance measurements.” The completion of these evaluations is a significant step towards fulfilling these duties. As a result, CIOs are now better poised to advise the head of the agency regarding whether to continue, modify, or terminate a program or project.
The IT Dashboard is a powerful platform for delivering insights, but it is not a substitute for good management. On August 7, we will convene the CIO Council to share best practices and apply management approaches to improve data quality, increase transparency, and enhance project performance across the federal government. We need to adopt an evidence-based approach to governance by employing platforms like the IT Dashboard so we can report, analyze, monitor, and predict performance.