Senior accountable officials tasked with managing federal agency risks and reports under the "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" executive order can look to an Office of Management and Budget memo for assistance on meeting deadlines.
Issued to agencies by OMB Director Mick Mulvaney on May 19, the reporting guidance attempts to reduce the burden of implementing President Trump's May 11 EO by laying out clear steps for designated agency heads to reinforce the Federal Information Security Modernization Act of 2014.
To begin, all agencies must submit responses to the FY 2017 Quarter 3 FISMA CIO metrics through the DHS CyberScope system on or before July 14, 2017. Once OMB returns agency-specific risk assessments, agencies must provide a written response to that review by July 28, 2017, explaining any plans to accept, avoid, transfer or mitigate outstanding risks by Aug. 9, 2017.
In addition to the metrics requirements, agency heads are required to submit an action plan for aligning activities with the Framework for Improving Critical Infrastructure Cybersecurity's standards for organizing capabilities. The Framework Implementation Action Plan must be provided in PDF format through DHS CyberScope on or before July 14, 2017, in addition to responding to the questions in CyberScope.
The entire memo, with further action plan specifications, can be viewed on OMB's website.