EXECUTIVE OFFICE OF THE PRESIDENT
OFFICE OF MANAGEMENT AND BUDGET
WASHINGTON, D.C. 20503
THE DIRECTOR
January 3, 2011M-11-08MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIESFROM: Jacob J. LewDirectorSUBJECT: Initial Assessments of Safeguarding and Counterintelligence Postures forClassified National Security Information in Automated SystemsOn November 28, 2010, departments and agencies that handle classified national securityinformation were directed to establish assessment teams to review their implementation of safeguarding procedures. (Office of Management and Budget, Memorandum M-11-06,“WikiLeaks - Mishandling of Classified Information,” November 28, 2010.) These assessmentswere intended to build upon the existing requirement in Executive Order 13526 (“ClassifiedNational Security Information”) for departments and agencies to establish and maintain ongoingself-inspection programs, in furtherance of the Executive Branch’s comprehensive and enduringeffort to strengthen our safeguarding and counterintelligence postures to enhance the protectionof classified national security information.Please see the attached memorandum from the Director of the Information Security OversightOffice (ISOO) and the National Counterintelligence Executive within the Office of the Directorof National Intelligence (ODNI). Their offices will – consistent with their respectiveresponsibilities under Executive Order 13526 and Section 1102 of the National Security Act of 1947 (as amended), and in coordination with the Office of Management and Budget – evaluateand assist agencies to comply with the assessment requirement and provide assistance to agencyassessment teams. Their support will include periodic on-site reviews of agency compliancewhere appropriate. The attached memorandum calls for agency teams to complete their internalassessments by January 28, 2011.Thank you for your cooperation and compliance with the further directions attached to thismemorandum.Attachment
MEMORANDUM
FOR: Senior Agency Officials Designated Under Section 5.4(d)
of
Executive Order 13526, "Classified National Security Information"FROM: Robert M. BryantNational Counterintelligence ExecutiveWilliam J.BosankoDirector, Information Security Oversight OfficeSUBJECT: Initial Assessments Pursuant to Office
of
Management and BudgetMemorandum
(M-II-06),
"WikiLeaks -Mishandling
of
ClassifiedInformation," November
28,2010
REFERENCES:
A.
Office
of
Management and Budget Memorandum,"InitialAssessments
of
Safeguarding and CounterintelligencePostures for Classified National Security Information inAutomated Systems," This Date
B.
Executive Order 13526,
"Classified National SecurityInformation"
(December
29,2009)
C.
Counterintelligence Enhancement Act
of
2002, asamendedStrong counterintelligence and safeguarding postures are necessary to protect classified nationalsecurity information.
You
have been charged with directing and administering theimplementation
of
Executive Order 13526 ("Classified National Security Information")
by
thehead
of
your department
or
agency. As such, you also have a significant role regardingcompliance
by
your department
or
agency with the subject
of
this memorandum.
On
November
28,2010,
the Office
of
Management and Budget directed departments andagencies that handle classified national security information to establish assessment teams(consisting
of
counterintelligence, security, and information assurance experts) to review theirimplementation
of
safeguarding procedures. In furtherance
of
that directive, please findattached a list
of
existing requirements and questions your department
or
agency assessmentteam should utilize, as an initial step, to assess the current state
of
your information systemssecurity.
SUBJECT: Initial Assessments Pursuant to Office
of
Management and Budget Memorandum,"WikiLeaks -Mishandling
of
Classified Information," November
28,2010
Each initial assessment should be completed by January 28,2011,and should include thefollowing with respect to the attached list
of
self-assessment questions:
1.
Assess what your agency has done or plans to do to address any perceivedvulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaksenvironment.
2.
Assess weakness or gaps with respect to the attached list
of
questions, and formulateplans to resolve the issues or to shift or acquire resources to address thoseweaknesses or gaps.
3.
Assess your agency's plans for changes and upgrades to current classified networks,systems, applications, databases, websites, and online collaboration environments as well as for all new classified networks, systems, applications, databases, websitesor online collaboration environments that are in the planning, implementation, ortesting phases -in terms
of
the completeness and projected effectiveness
of
all types
of
security controls called for by applicable law and guidance (including but limitedto those issued by the National Security Staff, the Committee on National SecuritySystems, the National Institute for Standards and Technology).4. Assess all security, counterintelligence, and information assurance policy andregulatory documents that have been established by and for your department oragency.We look forward to working with you to implement this initial assessment and to ensure thatyour agency is best positioned to protect classified national security information. We will be intouch with agencies according to a prioritized, risk-based schedule in order to schedule adiscussion
of
your initial assessments, as well as to arrange for subsequent onsite inspections,where appropriate.
We
note that some agencies have also been asked to respond to an NCIX "Request forInformation on Classified Networks and Systems" dated December 10,2010, in support
of
National Security Staff tasking.
We
wish
to
distinguish that request from the requirements
of
this memorandum.
rJ~
J
.
l,~
Robert
M.
Bryant William J. BosankoAttachment:As Stated
Search History:
Result 00 of 00
00 results for result for
p.
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems
More info: http://www.techeye.net/security/us-anti-leak-policy-leaked-to-the-media
More info: http://www.techeye.net/security/us-anti-leak-policy-leaked-to-the-media
694
Reads
4
Readcasts
54
Embed Views
Get Scribd Mobile
To get Scribd mobile enter your number and we'll send you a link to the Scribd app for iPhone & Android.We've sent a link to the Scribd app. If you didn't receive it, try again.
We'll never share your phone number.
More From This User
Notes
Load more
