What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
D. The Privacy Act of 1974
The correct answer and explanation:
The correct answer is C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information.
Explanation:
The Office of Management and Budget (OMB) Memorandum M-17-12 is a critical document that outlines the federal government’s approach to managing and safeguarding personally identifiable information (PII). This memorandum serves as guidance for federal agencies to prepare for and respond to breaches involving PII, emphasizing the need for stringent information security controls.
Key Components of OMB Memorandum M-17-12:
- Incident Response Plans: The memorandum stresses the importance of having robust incident response plans in place. Agencies must establish procedures for reporting, investigating, and mitigating data breaches, ensuring they can swiftly address any security incidents involving PII.
- Risk Assessments: M-17-12 mandates that federal agencies conduct regular risk assessments to identify vulnerabilities in their information systems. This proactive approach helps agencies implement security controls tailored to the specific risks associated with handling PII.
- Employee Training: The memorandum highlights the necessity of training federal employees on information security practices, particularly those related to the handling of PII. Continuous education helps foster a culture of security awareness and accountability among staff.
- Collaboration with Stakeholders: Agencies are encouraged to collaborate with various stakeholders, including the Department of Homeland Security and the National Institute of Standards and Technology, to share best practices and enhance their information security posture.
- Reporting Requirements: The memorandum establishes clear reporting requirements for breaches of PII, mandating that agencies notify affected individuals and relevant authorities promptly. This transparency helps mitigate the impact of breaches and enhances public trust in federal agencies.
In summary, OMB Memorandum M-17-12 provides essential guidance on federal information security controls specifically aimed at protecting PII, making it the correct choice among the options listed as the guidance that identifies controls for managing and safeguarding sensitive information within federal agencies.