The IT Law Wiki


Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001. Title X, Subtitle G — Government Information Security Reform Act (GISRA), Pub. L. No. 106-398 (Oct. 30, 2000).


The Act amended the Paperwork Reduction Act of 1995 (PRA) by enacting a new subchapter on “Information Security,” which primarily addressed the information security program, evaluation, and reporting requirements for federal agencies. The Act became effective on November 29, 2000.

The Act:

Office of Management and Budget

For unclassified systems, OMB retained its existing policy authority under the PRA and the Clinger-Cohen Act of 1996.

Except for the new annual program reviews, the role of the agency Inspector General, and the annual reporting requirement, the Act essentially codifies the existing requirements of OMB Circular No. A-130, App. III, "Security of Federal Automated Information Resources."

The Act also requires agencies to incorporate security into the life cycle of agency information systems.[1]

For national security systems, the Act directs OMB to delegate certain authorities to "the Secretary of Defense, the Director of Central Intelligence, and another agency head as designated by the President." The Act also directs OMB to delegate to the Secretary of Defense certain limited authorities concerning DOD unclassified mission critical systems.


  1. For guidance on meeting this requirement, see OMB Memorandum M-00-07, "Incorporating and Funding Security in Information Systems Investments," now incorporated into Section 8b(3) of OMB Circular No. A-130.
