Implementation of Information Security Management System (ISMS) is one of the internal control measures to minimize risk and information security threats such as information leakage, application malfunction, loss of data, and low performance of IT networks. Several incidents related to information security have already occurred in the implementation of Treasury System and the State Budget (SPAN) within the Directorate General of Treasury. Therefore, Directorat General of Treasury has made efforts to implement information security in accordance with Ministry of Finance Decree No. 479 / KMK.01 / 2010 on Policy and Management System Standards Information security. In this study, Index KAMI which was published by the Directorate of Information Security, Ministry of Communication and Information has been used to evaluate the maturity level of SPAN's information security. Six key areas examined in this study are the role and the importance of ICT, information security governance, risk management, information security, information security management framework, management of information assets, technology of information security. The results showed that the maturity level of SPAN implementation is still at Level II (basic framework implementation). Of the six key areas analyzed, information security technology scored the highest (83%). However, risk management still shows low score that need special attention from the Directorate General of Treasury.