OMB M-17-05: “Fiscal Year 2016 – 2017 Guidance on Federal Information Security and Privacy Requirements”

On November 4, 2016, the Office of Management and Budget (OMB) published Memorandum M-17-05 “Fiscal Year 2016 - 2017 Guidance on Federal Information Security and Privacy Management Requirements”. This memorandum establishes current Administration information security priorities and provides agencies with Fiscal Year (FY) 2016 - 2017 Federal Information Security Modernization Act (FISMA) and Privacy Management reporting guidance and deadlines. It is directed to Federal Agencies and does not apply to national security systems.

Section I: “Information Security and Privacy Program Oversight and Reporting” comprises requirements to assist agencies with the adoption of Administration priorities and to provide OMB the performance indicators necessary to conduct oversight and understand risk through an enterprise-wide lens.

Section II: “Updated Major Incident Definition and DHS US-CERT Incident Notification Guidelines” includes updates to both the definition of “major incidents” and the DHS United States Computer Emergency Readiness Team (US-CERT) Incident Notification Guidelines.

The FY 2017 CIO FISMA Metrics are available on the DHS Webpage. These metrics focus on assessing agencies’ progress toward achieving outcomes that strengthen Federal cybersecurity. As with FY 2016, this year’s metrics are organized around the National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure Cybersecurity” (Cybersecurity Framework).

Follow this link to the Department of Homeland Security (DHS) FISMA Webpage:


Follow this link to the FY 2017 Chief Information Officer (CIO) FISMA Metrics:


Follow this link to the NIST Cybersecurity Framework:



The purpose of this community is to provide a place where customers and industry partners can engage and discuss cybersecurity-related topics.

Visit the HACS SIN website to find high-quality cybersecurity services to meet your needs:

  1. High Value Asset (HVA) Assessments
  2. Risk and Vulnerability Assessment (RVA)
  3. Cyber Hunt
  4. Incident Response
  5. Penetration Testing