The Obama White House is asking all federal departments and agencies to wrap up by Jan. 28 an initial assessment of how they safeguard national security information. The internal reviews, which began last November, were spurred by the massive release of internal national security documents by the website WikiLeaks.
In a Jan. 3 memo, Office of Management and Budget Director Jacob Lew said the director of the Information Security Oversight Office and the National Counterintelligence Executive within the Office of the Director of National Intelligence will evaluate and assist the departments and agencies in their compliance. "Their support will include periodic on-site reviews of agency compliance where appropriate," Lew said.
Lew's memo lays out what each department and agency should include in its review:
1. Assess what your agency has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaks environment.
2. Assess weakness or gaps with respect to the attached list of questions, and formulate plans to resolve the issues or to shift or acquire resources to address those weaknesses or gaps.
3. Assess your agency's plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments as
well as for all new classified networks, systems, applications, databases, websites or online collaboration environments that are in the planning, implementation, or testing phases -in terms of the completeness and projected effectiveness of all types of security controls called for by applicable law and guidance (including but limited to those issued by the National Security Staff, the Committee on National Security Systems, the National Institute for Standards and Technology).
4. Assess all security, counterintelligence, and information assurance policy and regulatory documents that have been established by and for your department or agency.