The IT Law Wiki
Register
Advertisement

Citation[]

Office of Management and Budget, FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (OMB Memorandum M-11-33) (Sept. 14, 2011) (full-text).

Overview[]

Rather than enforcing a static, three-year reauthorization process, agencies are expected to conduct ongoing authorizations of information systems through the implementation of continuous monitoring programs. Continuous monitoring programs thus fulfill the three-year security reauthorization requirement, so a separate re-authorization process is not necessary.

Further, the memorandum requires agencies to establish monthly data feeds to CyberScope.

Advertisement