Federal Information Security Management Act (FISMA)
IceTech provides:
Security Program Support:
Core services include support to application business unit owners
in the following areas:
Overall compliance with Federal Information Systems Security Act
(FISMA) requirements at Federal and State Agency level;
Development of the documentation required for security Certification and Accreditation
(C&A), integrated into System Life Cycle artifact milestone exit requirements,
including:
- FIPS data risk categorization;
- Privacy Impact Analysis;
- Risk Assessment;
- System Security Plan (SSP);
- Information Technology Contingency Plan (ITCP);
- Review of OMB required E-300s and other budget documents related
to security costing accuracy.
Where the above documentation exists, performing independent management
evaluation prior to IG reviews. Prep and onsite support for IRS state
agency reviews of IRC 6103 data.
Support for development or execution of the FISMA Continuous Monitoring
requirement (formerly known as NIST 800-26/53 Self Assessments).
Service delivery options:
1. Dedicated staff assigned on a full-time
basis to support on-going activity.
- Staff becomes familiar with business unit activity allowing for
more efficient development of deliverables.
- Allows for more definitive development of agency budget needs
to support task delivery.
- Immediate availability allows for direct on-going support to
government business unit managers and employees assigned responsibility
for these tasks.
- Allows for performance of ad hoc tasks, as required by agency/bureau
security program offices, as well as any required support for meetings
related to internal guidance on core services related to IceTech
tasks.
2. Stand-alone task-by-task delivery development
- Allows for flexibility when budgets will not support the dedicated
staff option;
- Provides the capability to select only specific IceTech core
services.
- The implementation of cost-effective, risk-based information
security programs;
- The establishment of a level of security due diligence for federal
agencies and contractors supporting the federal government;
- More consistent and cost-effective application of security controls
across the federal information technology infrastructure;
- More consistent, comparable, and repeatable security control
assessments;
- A better understanding of enterprise-wide mission risks resulting
from the operation of information systems;
- More complete, reliable, and trustworthy information for authorizing
officials, facilitating more informed security accreditation decisions;
and
- More secure information systems within the federal government
including the critical infrastructure of the United States.