Which act requires each federal agency to implement an information security program and to report annually to the OMB on the adequacy of the security program, the adequacy of plans and reports relating to annual budgets, and any significant deficiency?

Federal agencies must implement an information security program and report annually to the Office of Management and Budget on the program’s adequacy, on the adequacy of plans and reports relating to annual budgets, and on any significant deficiencies. This is a requirement established to ensure ongoing oversight, governance, and resource alignment for federal information security across agencies. The act that sets this framework is the one known for establishing a government-wide information security program and annual OMB reporting. Other acts address different areas—HITECH focuses on health information privacy and HIPAA, COPPA protects children's online privacy, and the Economic Espionage Act deals with sensitive information and trade secrets—none of which implement or mandate the annual OMB reporting of an agency-wide information security program.