US Department of Education Principal Office Functional Statements
Office of the Chief Information Officer

C. INFORMATION ASSURANCE SERVICES

Information Assurance Services (IAS) oversees the Department's information technology security program and ensures the confidentiality/privacy, integrity, and availability of the Department's information and information resources. IAS ensures that the Department is fully compliant with the Federal Information Security Management Act of 2002 (FISMA). The organization provides standardized security services and solutions in areas such as Risk Management; Access Controls; Identity and Access Management; Authentication; Encryption Solutions; Public Key Infrastructure (PKI) Technology; and Certification and Accreditation (C&A).

IAS also directs the agency's Managed Security Services Program (MSSP), ensuring contractor compliance with MSSP requirements governing the management of the agency's enterprise-wide security operations center, the mitigation of security vulnerabilities and improvement of the Department's IT security posture, portal security, and sound configuration management of EDUCATE and its tenant systems.

The Director, IAS reports to the CIO and provides overall leadership and coordination to the immediate office staff of ITS and to the following components:

Audit and Incident Response Team
In performing its responsibilities, the team:

  • Directs the Department's enterprise-wide information assurance activities, developing policies and guidance to prevent and defend against unauthorized access to networks, systems, and data directly or indirectly related to the Department's activities.
  • Coordinates Department-wide policies regarding network and system security, including management, operational, and technical controls.
  • Directs and manages annual FISMA reporting, and coordinates Program Reviews with the OIG and Senior Agency Official for Privacy (SAOP) in accordance with OMB guidance.
  • Manages incident responses with US-CERT, ED OIG, and other law enforcement authorities, and ensures conformance to defined security guidelines and configurations.
  • Coordinates agency-wide IT security incident reporting and emergency response activities, and serves as the Department liaison with the Office of General Counsel, the US Computer Emergency Response Team (US-CERT), the FBI, the OIG, and other external law enforcement agencies concerning IT security incident reporting and follow-up activities.
  • Conducts annual Department-wide security reviews mandated by the Federal Information Security Management Act (FISMA) and periodically assists the agency's OIG with the conduct and resolution of Department IT security program and system audits.
  • Defines IT security curricula and provides specialized security training for the agency's technical staff and the general security awareness/orientation training required of all Departmental employees.
  • Serves as the Department's official repository for, and maintains, plans of action and milestones (POA&M) to address weaknesses disclosed by FISMA reviews, IG audits, C&A, and Federal Managers Financial Management Integrity Act (FMFIA) annual certifications related to IT security matters.

Certification and Accreditation Team
In performing its responsibilities, the team:

  • Provides agency-wide leadership in maintaining and improving the availability, confidentiality, and integrity of data maintained in the Department's information systems, including ongoing support of the agency's Data Integrity Board and data matching/exchange agreements with other agencies.
  • Enforces Federal IT security standards, including the review and evaluation activities prescribed by OMB Circulars A-123 and A-130.
  • Enforces Principal Office application inventory certification.
  • Conducts annual security reviews, such as incident response exercises and continuity exercises, and evaluates and measures the effectiveness of security policies, procedures, and standards.
  • Creates, manages, and maintains a master library of all technical and process documentation, and supports the EDUCATE Certification and Accreditation program.
  • Reviews System Security Plans.
  • Conducts and reviews Risk Assessments.
  • Reviews Security Self-Assessments.
  • Monitors contractor compliance with conducting System Security Tests and Evaluations.
  • Monitors contractor compliance with assessing risks found during System Security Tests and Evaluations and Risk Assessments.
  • Reviews Systems Program Objectives and Milestones.
  • Assembles and checks Certification and Accreditation Packages.

Last Modified: 05/05/2008