ISOO Publishes its FY 2019 Annual Report to the President

Each year, ISOO reports to the President on the implementation of the Classified National Security Information (CNSI) and Controlled Unclassified Information (CUI) programs, following requirements in Executive Orders 13526 and 13556. These reports include data and analyses on Federal agency implementation of the CNSI and CUI programs. They support ISOO’s oversight responsibilities and ensure agency compliance with executive branch policy requirements. These reports also include key findings, judgments, and recommendations that seek to improve efficiencies and effectiveness in how our Government manages and protects this information.

ISOO published its FY 2019 Annual Report to the President.  It highlights ISOO’s multi-year project to modernize CNSI data collection methods to better reflect how agencies operate in the digital environment. It seeks new metrics that will ensure that the data we collect and analyze is useful, accurate, measurable, and consistent. This reform project is an essential first step that will aid efforts to modernize the CNSI program.

As the Director of ISOO, Mark A. Bradley, stated in his letter to the President, “While dozens of agencies now use various advanced technologies to accomplish their missions, a majority of them still rely on antiquated information security management practices. These practices have not kept pace with the volume of digital data that agencies create and these problems will worsen if we do not revamp our data collection methods for overseeing information security programs across the Government. We must collect and analyze data that more accurately reflects the true health of these programs in the digital age.”

Other areas of focus in the FY 2019 report include CNSI and CUI program oversight and compliance, technology investments needed to transform the CNSI system, declassification modernization, National Industrial Security Program (NISP) oversight of cleared industry, and the work of the Interagency Security Classification Appeals Panel (ISCAP).