involved in the process allows one to focus the process and documentation towards the agency making the request. It also helps in the general sense of knowing where the document and responsibilities for review and follow-ups will end up.
The White House (www.whitehouse.gov)
The President is responsible for overseeing the Executive Office of the President, which includes[14]: the Office of Management and Budget (OMB), the National Security Council, the Office of Homeland Security, the Office of Science and Technology Policy, as well as a number of other non-security and information technology related offices. These offices are primarily responsible for advising the President on issues pertaining to their areas of expertise and therefore have significant influence in policy decisions and drafting of Executive Orders.
Office of Management and Budget (OMB) (www.whitehouse.gov/omb)
OMB is required under the Paperwork Reduction Act to “develop and implement uniform and consistent information resources management policies” as well as oversee, evaluate, and measure compliance.[15] OMB is responsible for overseeing C&A and reporting the results to Congress.[16] OMB is included in the Executive Office of the President.
Commerce Department (www.commerce.gov)
The Commerce Department oversees a wide array of topics ranging from trade, economics, statistics, census, and weather to technological innovation.[17] The National Institute of Standards and Technology (NIST) is an agency of the Technology Administration of the Commerce Department.
National Institute of Standards and Technology (NIST) (www.nist.gov)
NIST is an agency of the Technology Administration of the Commerce Department. NIST is responsible for working with industry to “develop and apply technology, measurements, and standards.”[18] The Computer Security Division of the NIST Information Technology Laboratory is responsible for developing information technology standards and guidance on applying these standards. NIST is charged with developing the standards and guidelines for compliance with FISMA[19] and OMB Circular A-130[20]. The 800 series[21] documents are especially important in understanding IT security guidelines and mandates including the mandates under FISMA.
Office of Electronic Government
© SANS Institute 2004, Author retains full rights.
[14] The Executive Office of the President – http://www.whitehouse.gov/government/eop.html
[15] OMB Circular A-130, Section 5: Background
[16] Federal Information Security Management Act (FISMA) – 3543(a)(8)
[17] U.S. Commerce Department – http://www.commerce.gov/index.html
[18] U.S. Commerce Department – NIST – http://www.commerce.gov/organization.html
[19] Federal Information Security Management Act (FISMA) – Section 303(a-d)
[20] OMB Circular A-130, Section 9c: Assignment of Responsibilities – Department of Commerce
[21] NIST Publications – http://csrc.nist.gov/publications/nistpubs/
As part of the Information Security Reading Room