Government Information Security Act

[AI summary unavailable — showing source text] Government Information Security Act of 1999 - Requires the Director of the Office of Management and Budget to establish government-wide policies for the management of programs that support the cost-effective security of Federal information systems by promoting security as an integral part of each agency's business operations. Requires such policies to: (1) be founded on a continuous risk management cycle; (2) implement controls that adequately address the risk; (3) promote continuing awareness of information security risks; (4) continually monitor and evaluate information security policy; and (5) control effectiveness of information security practices. Outlines information security responsibilities of each agency, including the development and implementation of an agency-wide program to provide information security for the operations and assets of such agency. Makes each program subject to Director approval and annual review by agency program officials. Requires each agency to annually undergo an independent evaluation of its information security program and practices. Requires related reports. Requires the: (1) Department of Commerce to develop, issue, review, and update standards…