NOTE TO CHIEF INFORMATION OFFICERS And Security Officers
FROM: Mark Forman, Associate Director for IT and E-gov, OMB
Karen Evans, CIO Council Vice-Chair
Van Hitch, CIO Council Security Liasion
SUBJECT: Securing Enterprise Architecture Software
We want to take this opportunity to highlight the importance of applying IT security practices to Enterprise Architecture tools. Given the importance of Enterprise Architecture (EA) “applications” — software tools that facilitate the development, documentation or analysis of an organization’s enterprise architecture — and the detailed information they and associated data bases contain regarding agency assets and processes, agency EA applications and associated data bases should be considered mission critical IT investments. Accordingly, we want to remind you that these applications must be appropriately secured to protect against the harm resulting from the loss, misuse, or unauthorized access to or modification of information. Agencies should do so consistent with the requirements of the Government Information Security Reform Act (now FISMA, the Federal Information Security Management Act). Agencies should discuss actions to secure these systems as part of the next quarterly update of agency plans of action and milestones.