Vivek Kundra (Federal CIO), Robert Carey (Navy CIO) and Vance Hitch (DOJ CIO)
With this in mind, we have established a taskforce to develop new metrics for information security performance for Federal agencies that are focused on outcomes. To solicit the best ideas, OMB has reached out across the Federal community, as well as to the private sector.
Participants in the taskforce include: the Federal CIO Council, the Council of Inspectors General on Integrity and Efficiency, the National Institute of Standards and Technology, the Department of Homeland Security, the Department of Defense, the Director of National Intelligence, the Government Accountability Office and the Information Security and Privacy Advisory Board.
The participants in the Security Metrics Taskforce held their inaugural meeting on September 17, 2009. OMB plans to have the taskforce develop a draft set of metrics for comment by the end of November.
The participants agreed that a new set of security metrics could move the agencies forward in securing their systems as “what gets measured, gets done.” They discussed the various factors that will impact the development of new metrics, including:
- A trust but verify approach
- Fulfilling statutory requirements
- Real-time awareness security posture

At the next meeting, the taskforce will begin developing potential metrics and we look forward to your input.