GSA office gets infosec management

OMB GISRA reporting guidelines

Telos Corp. announced Aug. 13 it signed a contract to support the information security management of systems within the General Services Administration's Office of Governmentwide Policy.

Telos and its subsidiary Xacta Corp. will perform security risk assessments of the office's systems. The company also will evaluate the office's security, contingency, configuration, and certification and accreditation plans, and help develop new ones.

The blanket purchase agreement potentially could be worth $10 million over five years.

Agencies are required to take specific security management actions under various laws and regulations, but Congress underlined the importance of such steps in the Government Information Security Reform Act (GISRA) of 2000. GISRA calls for agencies to do annual self-assessments of their security management practices and submit a report to the Office of Management and Budget.

In addition to submitting an annual report to Congress on agencies' compliance with GISRA, OMB is using the law as an important management enforcement tool for the White House. Last month, OMB issued its latest guidance for agencies on what information to include in their annual reports, and what steps must also be taken to address the weaknesses found in the self-assessments.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.