Agencies must assess their procedures for safeguarding classified information by the end of the month.
The Office of Management and Budget is requiring that these analyses include everything from how agencies properly label confidential information to detailed evaluations of automated data systems.
OMB Director Jacob Lew issued a memo Monday. This follows a Nov. 28 order that agencies establish teams to evaluate their security, counterintelligence and information protocols. In this latest directive, OMB wants agencies to focus on automated systems.
OMB wants the initial assessment, due Jan. 28, to build on existing requirements that agencies have ongoing self-inspection programs. Agencies must look for weaknesses in automated systems, respond to questions in eight target areas, assess plans for system changes and upgrades and evaluate department security documents and protocol.
The security reviews reflect administration fears following the WikiLeaks release in which Army Private First Class Bradley Manning allegedly downloaded large caches of sensitive military material from Army computers and released it to the Internet watchdog group WikiLeaks.
As part of the assessment, the Information Security Oversight Office (ISOO) and the National Counterintelligence Executive within the Office of the Director of National Intelligence (ODNI) formulated a list of questions around eight areas:
Management and Oversight – Does the agency have sufficient measures in place to ensure access to sensitive material is limited to appropriate personnel?
Counterintelligence – Has the agency identified and protected information that would be of interest to the nation’s enemies?
Safeguarding – How does the agency ensure that classified information is accessed and transmitted securely?
Deterring, detecting and defending against employee unauthorized disclosures – Does the agency have an insider threat program or other means by which to identify personnel trustworthiness?
Information assurance measures – Do national security systems that process classified information meet additional standards specific to their missions?
Education and Training – What does the agency do to ensure that personnel know both the importance of protecting classified information and the punishment for violating agency security policies?
Personnel security – Has the agency established a program by which to evaluate personnel behavior and identify threat indicators?
Physical and/or Technical – Does the agency conduct annual reports on the status of its secure systems?
Following submission of the assessments, ISOO and ODNI officials will assist agencies with security measures when necessary and conduct onsite evaluations to ensure compliance.
(Copyright 2011 by FederalNewsRadio.com. All Rights Reserved.)