OMB

Question 1

M-96-20

Answer 1

Implementation of the Information Technology Management Reform Act of 1996

Question 2

M-97-02

Answer 2

Funding Information Systems Investments

Question 3

M-97-16

Answer 3

Information Technology Architecture

Question 4

M-09-32

Answer 4

Update on the Trusted Internet Connections Initiative

• Inventory external connections
• Required agencies to submit POAM for meeting TIC requirements

Question 5

M-09-02

Answer 5

Information Technology Management Structure and Governance Framework

-Heads of agencies to consult with the Director of the OMB prior to appointing a CIO, and to advise the Director on matters regarding the authority, responsibilities and organizational resources of the CIO, per OMB Circular A-130

Question 6

M-08-27

Answer 6

Guidance for Trusted Internet Connection (TIC) Compliance

Question 7

M-08-23

Answer 7

Securing the Federal Government’s Domain Name System Infrastructure

Question 8

M-08-22

Answer 8

Guidance on the Federal Desktop Core Configuration (FDCC)

-Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by the AO

Question 9

M-08-16

Answer 9

Guidance for Trusted Internet Connection Statement of Capability Form (SOC)

Question 10

M-08-05

Answer 10

Implementation of Trusted Internet Connections (TIC)

Question 11

M-08-01

Answer 11

HSPD-12 Implementation Status

Question 12

M-07-18

Answer 12

Ensuring New Acquisitions Include Common Security Configurations

-Provides recommended language to ensure new acquisitions include common security configurations and vendors certify their products operate effectively using these configurations

Question 13

M-07-16

Answer 13

Safeguarding Against and Responding to the Breach of Personally Identifiable Information

• Safeguarding PII
• Breach notification policy
• SAOP reporting metrics
• Requires agency-based incident reporting policy

Question 14

M-07-11

Answer 14

Implementation of Commonly Accepted Security Configurations for Windows Operating Systems

Question 15

M-07-06

Answer 15

Validating and Monitoring Agency Issuance of Personal Identity Verification Credentials

-Ensure agency credentials meet FIPS 201 requirements

Question 16

M-06-19

Answer 16

Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments

-Requires reporting of potential PII data breach events to CERT within 1 hour of discovery

Question 17

M-06-18

Answer 17

Acquisition of Products and Services for Implementation of HSPD-12

Question 18

M-06-16

Answer 18

Protection of Sensitive Agency Information

Question 19

M-06-15

Answer 19

Safeguarding Personally Identifiable Information

-Requires privacy policies and public release of policies

Question 20

M-06-06

Answer 20

Sample Privacy Documents for Agency Implementation of Homeland Security Presidential
Directive (HSPD) 12

Question 21

M-05-24

Answer 21

Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors

Question 22

M-05-08

Answer 22

Designation of Senior Agency Officials for Privacy

Question 23

M-04-16

Answer 23

Software Acquisition

Question 24

M-04-15

Answer 24

Development of Homeland Security Presidential Directive (HSPD) - 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources

Question 25

M-04-04

Answer 25

E-Authentication Guidance for Federal Agencies

• Requires eRA for all electronic transactions
• Defines criteria for access to Federal services online

Question 26

M-03-22

Answer 26

OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002

-Provides PIA guidance and requirements for all federal agencies

Question 27

M-03-18

Answer 27

Implementation Guidance for the E-Government Act of 2002

Question 28

M-02-09

Answer 28

Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones

Question 29

M-02-09

Answer 29

Guidance for Preparing and Submitting Security Plans of Action and Milestones

Question 30

M-01-05

Answer 30

Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy

Question 31

M-00-13

Answer 31

Privacy Policies and Data Collection on Federal Web Sites

Question 32

M-99-18

Answer 32

Privacy Policies on Federal Web Sites

Question 33

M-10-28

Answer 33

Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and DHS

• Set OMB as reporting agency and DHS and Gathering agency for cybersecurity data and events
• Updated by FISMA 2014

Question 34

M-14-03

Answer 34

Enhancing the Security of Federal Information and Information Systems

-Established continuous monitoring under DHS control

Question 35

M-14-04

Answer 35

Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management

• Made 800-53 privacy controls mandatory
• SAOP approval required for ATO