Requires: (1) each Officer to include information on the agency's activities under this Act in annual reports on the agency's information security program and practices submitted to the Director of the Office of Management and Budget (OMB); and (2) the OMB Director to ensure the review of such reports by the Director of the National Institute of Standards and Technology (NIST); (3) the NIST Director to designate, as the result of such review, any significant IT vulnerabilities of such broad applicability and severity so as to warrant the use of government-wide guidelines the Director shall develop and make available to such Officers for complying with this Act; and (4) the Secretary of Commerce to mandate agency use of such guidelines.