Agencies must complete information security evaluations by Jan. 28

The Office of Management and Budget is giving federal departments and agencies that handle classified information until Jan. 28 to complete initial assessments of how they handle classified information.

In a memo from OMB Director Jacob Lew released late Monday, administration officials outlined requirements and questions agencies should answer in completing the reviews, which were ordered in late November 2010 after the online whistleblower group WikiLeaks disclosed thousands of confidential State Department documents.

OMB instructed agency officials to review protocols for safeguarding classified and sensitive information in a Nov. 28 memo, which required agencies to establish security assessment teams to examine how computer systems that handle classified data are configured and how access to those systems is determined.

The Information Security Oversight Office, the Office of the Director of National Intelligence and OMB will assist the review teams and possibly conduct "periodic on-site reviews of agency compliance where appropriate," Monday's memo said.

OMB provided nine pages of questions agencies should address in their assessments, which should cover management and oversight, counterintelligence, information assurance measures, education and training, and personnel security.

Agencies are to assess steps they have taken to address vulnerabilities, weaknesses, or gaps in automated systems; plans for changes and upgrades to classified networks, systems, applications, databases, and websites; and all security, counterintelligence, and information assurance policy and regulatory documents.