Today, the Information Security Oversight Office (ISOO) released its 2017 Annual Report to the President on security classification and implementation of the Controlled Unclassified Information (CUI) program. ISOO’s report highlights the high cost and inefficiency of using outmoded systems to protect America’s classified information, and recommends that the President implement a Government-wide technology strategy for the management of classified information to combat inaccurate classification and promote more timely declassification.
Based on data collected from executive agencies, the call for a common technology solution and risk management strategy to coordinate necessary improvements in the classification system complements additional findings, recommendations and judgments in the ISOO report.
ISOO also prescribes that the Office of Management and Budget consider reforming the budget process to include security classification as a line-item, as well as to prioritize dedicated funds for research and development activities and to transform acquisition practices.
ISOO’s report notes that CUI program implementation remains challenging, with too many agencies providing only limited support. ISOO believes that robust agency implementation of compliant CUI policies designed to better protect and facilitate the sharing of sensitive information would further advance the President’s management initiatives. However, the sluggish rate of agency progress toward this goal requires immediate White House intervention.
See ISOO’s Annual Report to the President for FY 2017, for the complete set of findings, recommendations, and judgments, based on quantitative data gathered from executive branch agencies, as required under Executive Order 13526.