OMB Memorandum M-14-03

Citation
Office of Management and Budget, Enhancing the Security of Federal Information and Information Systems (OMB Memorandum M-14-03) (Nov. 18, 2013) (full-text).

Overview
This memorandum provides agencies with guidance for managing information security risk on a continuous basis and builds upon efforts towards achieving the cybersecurity CAP goal. The requirement to manage information security risk on a continuous basis includes the requirement to monitor the security controls in Federal information systems and the environments in which those systems operate on an ongoing basis &mdash; one of six steps in the National Institute of Standards and Technology (NIST) Risk Management Framework. This allows agencies to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.