The Government Information Security Reform Act (Security Act), passed last year as part of the FY 2001 Defense Authorization Act (P.L. 106-398), amended the Paperwork Reduction Act of 1995 (PRA) by adding a new subchapter on information security. The Security Act focuses on the program management, implementation, and evaluation aspects of the security of unclassified and national security systems. Generally, the Security Act codifies existing OMB security policies, Circular A-130, Appendix III, and reiterates security responsibilities outlined in the Computer Security Act of 1987, the PRA, and the Clinger-Cohen Act of 1996. In addition, the Security Act requires annual agency program reviews and annual independent evaluations for both unclassified and national security programs.

On January 16, 2001, OMB issued memorandum 01-08, guidance to agencies on implementing the Security Act. The guidance directs agency heads to transmit to OMB in September, contemporaneous with their FY 2003 budget materials, copies of the annual agency program reviews, independent evaluations, and, for national security systems, audits of the independent evaluations. In addition to the program reviews and evaluations, agency heads should also provide a brief executive summary, not to exceed 15 pages, developed by the agency Chief Information Officer, agency program officials, and the Inspector General that is based on the results of their work. These executive summaries will serve as the primary basis for OMB's summary report to Congress.