Department of Homeland Security (DHS) Information Security Office (ISO) Information Security Compliance Support
Challenges
The DHS ISO is charged with ensuring
that information systems supporting the DHS mission are
secure and compliant with Federal security requirements. ISO
needed operational support for the compliance and oversight
of the implementation of DHS information security policy
across all 22 DHS component organizations and 600+ systems.
Solutions
DRC performs Certification and
Accreditation (C&A) artifact reviews, technical compliance
reviews, as well as remediation support for financial
systems. As part of the C&A artifact reviews, DRC reviews
C&A packages submitted by components to ensure minimum
standards are met against DHS policy and the performance
scorecard. This includes the review of System Security Plans
(SSPs) and contingency plans.
To date, we have also performed six
technical Federal Information System Management Act (FISMA)
compliance reviews and are currently supporting financial
remediation efforts at the Federal Emergency Management
Agency (FEMA) and the US Coast Guard. During the FISMA
reviews, DRC performs a detailed evaluation of C&A documents
as well as a technical assessment of the vulnerabilities of
specific information systems based on DHS 4300 policy.
Our working knowledge of the ISO
environment and our practical understanding of and experience
with identifying potential threats have led to improvements
in the way DHS ISO manages classified programs.
Benefits/Achievements
- Helped DHS components remediate findings discovered during the annual financial statement audits of DHS.
- Reduced the cycle time for updates to software tools from over a year to just 3 months with expectations to reduce it further to 45 days.
- Helped DHS increase their grade from a "D" on the 2006 FISMA Scorecard to a "B+" for the 2007 Scorecard.
- Improved DHS ISO Classified Program Management.