Today, in response to the COVID-19 pandemic, ISOO issued CUI Memo 2020-03-30 that clarifies issues concerning the application of an exigent circumstances waiver to CUI safeguarding requirements while teleworking.
Today, in response to the COVID-19 pandemic, ISOO issued CUI Memo 2020-03-30 that clarifies issues concerning the application of an exigent circumstances waiver to CUI safeguarding requirements while teleworking.
The Information Security Oversight Office (ISOO) released its Fiscal Year (FY) 2018 Annual Report to the President today and posted it here. In his Letter to the President, ISOO Director Mark A. Bradley highlighted the challenges the Government faces in trying to safeguard and manage petabytes of electronic data using antiquated systems meant for paper. He also stressed the need for the Government to modernize its information security and information management policies, and to adopt a technology and investment strategy to accomplish it.
The report featured both an update on ISOO’s efforts to implement recommendations from its FY 2017 Annual Report to the President and a high-level assessment of the various programs in ISOO’s portfolio, including the Controlled Unclassified Information (CUI) Program. The first page of the FY 2018 report is dedicated to an evaluation of agency CUI implementation efforts and ISOO’s work supporting implementation. The report noted that agencies have made significant progress since last year, but work remains to be done.
Specifically, many agencies still have not submitted CUI budget estimates to the Office of Management and Budget (OMB). To aid agencies, ISOO worked with OMB to modify section 31.15 of Circular A-11, Preparation, Submission, and Execution of the Budget. This guidance now includes details meant to inform what agencies need to include in submitting their CUI implementation budget estimates: hiring staff to implement and manage the program; developing and deploying automated marking tools; and creating training programs for agency staff. ISOO also worked with the Departments of Homeland Security and Defense, the National Aeronautical and Space Administration, and the General Services Administration to draft standard safeguarding requirements for inclusion in a Federal Acquisition Regulation (FAR). ISOO and its partners hope to finalize these requirements in FY 2019 so it is ready for use by agencies.
We hope you take time to read both the Director’s Letter to the President as well as the full report.
by Mark Bradley, Director, ISOO
The Wall Street Journal reported in its April 29, 2019, edition that American intelligence chiefs now believe that Chinese espionage is the most significant long-term threat facing the country. This threat encompasses traditional spy craft, which is aimed at stealing government secrets, and the theft of intellectual property and research from corporations and universities. China’s effort is being aided and abetted by oceans of stolen personal data, such as the heist in 2015 of more than 20 million files from the Office of Personnel Management. Counterintelligence experts believe that such grand scale thefts help Chinese intelligence officers pinpoint who may be the most vulnerable to recruitment.
The Information Security Oversight Office is the Executive Agent of the government’s Controlled Unclassified Information program. This program’s primary aim is to enhance the government’s protection of sensitive but unclassified information.