Performance and Accountability Report Fiscal Year 2007
Management's Discussion and Analysis

Federal Information Security Management Act (FISMA)

The FISMA of 2002 requires Federal agencies to implement a mandatory set of processes and system controls in order to ensure the confidentiality, integrity, and availability of system-related information and information resources. Processes implemented within each Federal agency must follow a set of established Federal Information Processing Standards (FIPS), NIST and other legislative requirements pertaining to Federal information systems, such as the Privacy Act of 1974.

To ensure compliance with FISMA requirements, GSA maintains a formalized program for information security management that is focused on meeting FISMA requirements, protecting GSA’s information resources, and supporting GSA’s mission.

This program is supported by a set of established policies, procedures, and processes to mitigate new threats and anticipate risks posed by new technologies. Designated GSA information security managers and system security officers ensure that information security requirements are being implemented in accordance with FISMA requirements and GSA’s policies.

During FY 2007, GSA continued to strengthen its security posture by addressing weaknesses identified in its Plan of Action and Milestones (POA&M) and completing all FISMA-related system control initiatives. For example, GSA reported that C&A, Annual Testing, and Contingency Plan Testing were completed for all of its 78 information systems. In addition, more than 14,800 Agency employees and contractors completed IT security awareness training, and 99.6 percent of Agency employees with significant security responsibilities completed specialized role-based training. Also, Privacy Impact Assessments (PIA) were completed on all applicable systems, and the Agency continues to implement the provisions in OMB M-06-15, Safeguarding Personally Identifiable Information.

No major system control findings were identified as a result of all FISMA compliance efforts. Accordingly, management believes that GSA remains compliant with FISMA requirements and will earn another high OMB scorecard grade for FISMA compliance and IT security for FY 2007.

 
