The Office of Management and Budget (OMB) recently reported to the Congress on the Government's overall information security status. It documents significant strides in addressing long-standing problems in this area while identifying weaknesses that remain. One government-wide weakness identified is a lack of understanding by agency officials of their responsibilities for ensuring the security of information and systems. The OMB report presents an action plan for closing these gaps through both management and budgetary processes. FISMA data for fiscal year 2003 showed that the 24 Federal agencies reporting increased their compliance with the information security requirements of OMB's performance measures; however, the results reported by agencies varied widely, with some reporting that less than half of their systems met certain requirements. Further, GAO noted opportunities to improve the usefulness of reported performance management data, including independent validation of these data and completion of system inventories. The National Institute of Standards and Technology (NIST) made progress in developing security-related standards and guidance required by FISMA. These include standards to categorize systems according to potential impact in the event of a security breach and recommendations for controls for such systems. NIST advises, however, that current and future funding constraints could threaten its information security work. 27 notes