Filed August 3, 2016
Additionally, the Director must review each agency’s security programs at least annually and approve or disapprove them. 44 U.S.C. § 3553(a)(5). Finally, the Director must report to Congress annually on the “effectiveness of information security policies and practices during the preceding year.”