Information Security in Unclassified Systems

6. Emphasize the need for information security in sensitive unclassified
systems.

OMB and NIST, with technical assistance from NSA, should (1) improve
planning capabilities for security by requiring an information security
plan to be part of each agency's strategic IT plan; (2) identify
computer security as a material weakness in the Federal Managers
Financial Integrity Act report if it does not meet established
thresholds; (3) require employees and contractors to complete awareness
and training; (4) improve planning for contingencies; and (5) establish
and employ formal contingency response capabilities.  These requirements
should be included in future revisions to OMB Circular No. A-130,
Management of Federal Information Resources, to be issued no later than
December 1994.