The White House’s Office of Management and Budget instructed U.S. federal agencies to alert the US-CERT within one hour to any breach involving personally identifiable information, even if the possibility of a breach is only suspected. Another memo (PDF), dated 15th July, required that government agencies report any computer systems missing from their inventory and outline the results of an investigation into handling of personally identifiable information within their agency. The latest memos clarify the obligation of federal agencies under the Federal Information Security and Management Act (FISMA) of 2002, under which agencies get graded on their security postures.