What is this?
This website acts as a repository for information about U.S. federal information security topics — specifically, the laws, regulations, and administrative policies, procedures, and guidance that require compliance by federal government entities in their implementation of information security mechanisms.
Most visitors use this website for the Office of Management and Budget (OMB) memoranda disposition table, a public, near-comprehensive list of the current rescission status of OMB memoranda issued since 1995.
What can I look at?
- OMB Memoranda Disposition Table
  - A regularly updated disposition table listing the rescission status of OMB memoranda issued since 2000. (The most-used part of this site.)
- Controlled Unclassified Information (CUI) Rule: Moderate Categorization Requirement Critique
  - A critique of the federal CUI regulation’s requirement that the presence of information determined to be CUI should always mandate the National Institute of Standards and Technology (NIST) moderate security control baseline.
- “Major Information System”
  - A review of the history of the term “major information system,” as introduced by the Paperwork Reduction Act of 1980, and its current implied requirements for federal agencies.
- DNSSEC: Federal Requirements
  - A review of the history of the federal government’s requirement to implement Domain Name System Security Extensions (DNSSEC) and the remaining sources requiring such implementation.
- “General Support System” and “Major Application”
  - A history of now-deprecated terms used to categorize federal information systems.
- Computer Security Act of 1987
  - A section-by-section summary and analysis.
- OMB Circular A-71 Transmittal Memorandum No. 1
  - A section-by-section summary and analysis of the first explicit policy directive requiring information security safeguards for federal, non-military information systems.