5.1 Office of Management & Budget (OMB)

OMB is responsible for overseeing Federal agencies’ information technology practices. As a part of this core function, OMB develops and ensures implementation of policies and guidelines that drive enhanced technology performance and budgeting across the Executive Branch. The Federal CIO heads OMB’s Office of E-Government and Information Technology (E-Gov), which develops and provides direction in the use of Internet-based technologies. The two major policies and guidelines are FITARA and FISMA.

With FITARA, the Common Baseline was set forth and the role of Agency CIOs was expanded with increased responsibilities through the National Defense Authorization Act for Fiscal Year 2015. (Public Law 113-291. Sec. 831. National Defense Authorization Act for Fiscal Year 2015.) Per OMB M-15-14, the specific requirements of FITARA include:

With FISMA, information security requirements were set forth based on NIST compliance documents. (NIST. Federal Information Security Management Act (FISMA) Implementation Project.) FISMA requires annual evaluations of the information security program at each federal agency, which are reviewed by DHS and OMB, and incorporated into an annual report to Congress. FISMA states:

  • The Director [OMB] shall oversee agency information security policies and practices, including developing and overseeing the implementation of policies, principles, standards, and guidelines on information security.
  • Not later than March 1 of each year, the Director [OMB], in consultation with the Secretary [DHS], shall submit to Congress a report on the effectiveness of information security policies and practices during the preceding year.

Each year, not later than such date established by the Director [OMB], the head of each agency shall submit to the Director [OMB] the results of [their agency’s] evaluation required under this section. (CIO Council. CISO Handbook.)