The Office of Management and Budget (OMB) is the largest office within the Executive Office of the President of the United States (EOP). OMB's most prominent function is to produce the president's budget,but it also examines agency programs,policies,and procedures to see whether they comply with the president's policies and coordinates inter-agency policy initiatives.
The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop,document,and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency,including those provided or managed by another agency,contractor,or other source.
A federal enterprise architecture framework (FEAF) is the U.S. reference enterprise architecture of a federal government. It provides a common approach for the integration of strategic,business and technology management as part of organization design and performance improvement.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses,worms,Trojan horses,phishing,denial of service (DOS) attacks,unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection,the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.
A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision,strategy,and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying,developing,implementing,and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents,establish appropriate standards and controls,manage security technologies,and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance. The CISO is also responsible for protecting proprietary information and assets of the company,including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner.
The Information Technology Management Reform Act of 1996 is a United States federal law,designed to improve the way the federal government acquires,uses and disposes information technology (IT). It was passed as Division E of the National Defense Authorization Act for Fiscal Year 1996. Together with the Federal Acquisition Reform Act of 1996,it is known as the Clinger–Cohen Act.
OMB Circular A-130,titled Managing Information as a Strategic Resource,is one of many Government circulars produced by the United States Federal Government to establish policy for executive branch departments and agencies.
Karen S. Evans is a former United States Senate confirmed,Presidential Appointed executive,who served as the first Assistant Secretary for Cybersecurity,Energy Security and Emergency Response at the U.S. Department of Energy. An executive who served in three Presidential Appointed positions in two Administrations.
Vivek Kundra is a former American administrator who served as the first chief information officer of the United States from March,2009 to August,2011 under President Barack Obama. He is currently the chief operating officer at Sprinklr,a provider of enterprise customer experience management software based in NYC. He was previously a visiting Fellow at Harvard University.
The federal Chief Information Officer of the United States,also known as the United States Chief Information Officer,is the administrator of the Office of Electronic Government,or the Office of the Federal CIO (OFCIO),which is part of the Office of Management and Budget. The President appoints the Federal CIO. The appointee does not require Senate confirmation. It was created by the E-Government Act of 2002.
NIST Special Publication 800-53 is an information security standard that provides a catalog of privacy and security controls for information systems. Originally intended for U.S. federal agencies except those related to national security,since the 5th revision it is a standard for general usage. It is published by the National Institute of Standards and Technology,which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards,guidelines,and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and to help with managing cost effective programs to protect their information and information systems.
Nitin Pradhan served as the Departmental Chief Information Officer (CIO) for the US Department of Transportation (DOT) as part of the Obama Administration from July 6,2009 to August 31,2012. After leaving US DOT,Pradhan established and led the nation's first Federal Technology Accelerator and Partner Consortium called Public Private Innovations and later cofounded GOVonomy,an emerging products technology marketplace for the public sector as well as ScaleUP USA,a Digital Business Growth Accelerator.
The National Institute for Standards and Technology's (NIST) Risk Management Framework (RMF) is a United States federal government guideline,standard and process for risk management to help secure information systems developed by National Institute of Standards and Technology. The Risk Management Framework (RMF),illustrated in the diagram to the right,provides a disciplined and structured process that integrates information security,privacy and risk management activities into the system development life cycle.
The Federal Information Technology Acquisition Reform Act made changes to the ways the U.S. federal government buys and manages computer technology. It became law as a part of the National Defense Authorization Act for Fiscal Year 2015 (Title VIII,Subtitle D,H.R. 3979.
The National Cybersecurity Center of Excellence (NCCoE) is a US government organization that builds and publicly shares solutions to cybersecurity problems faced by U.S. businesses. The center,located in Rockville,Maryland,was established in 2012 through a partnership with the National Institute of Standards and Technology (NIST),the state of Maryland,and Montgomery County. The center is partnered with nearly 20 market-leading IT companies,which contribute hardware,software and expertise.
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment,authorization,and continuous monitoring for cloud products and services.
The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history,the attack was carried out by an advanced persistent threat based in China,widely believed to be the Jiangsu State Security Department,a subsidiary of the Government of China's Ministry of State Security spy agency.
LaVerne H. Council,MBA,DBA was the Assistant Secretary for Information and Technology and Chief Information Officer for the Office of Information and Technology within the U.S. Department of Veterans Affairs. Council assumed this role in July 2015. President Obama nominated Council to the role in March 2015. Council was confirmed by the 114th Congress on June 23,2015,making Council the first female CIO of a Cabinet-level federal agency. She managed a $4.2B Information Technology (IT) appropriation,the first centralized and only IT appropriation in the federal government.
The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government,coordinating cybersecurity programs with U.S. states,and improving the government's cybersecurity protections against private and nation-state hackers.
The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.
