Sprehe: FBI gets it right

The FBI has received a truckload of bad press recently. So it is a pleasure to dwell on some good news coming out of the agency. In May, the FBI received an Archivist's Achievement Award from the National Archives and Records Administration for its electronic recordkeeping certification project.

The project is modeled on a widely used certification and accreditation process for information technology security. All FBI systems that process federal information must be certified and accredited as complying with a specific records management standard.

To be compliant, a system must be able to export records and associated metadata to an electronic records management system within the agency that is certified under the Defense Department's 5015.2-STD. Alternatively, an electronic records management system certified under the DOD standard can be part of a larger IT system.

An FBI records officer and the IT system owner must work together to determine whether a system processes federal records. Just as with security certification and accreditation, an FBI system that handles federal records cannot receive the authority to operate until it is certified and accredited as an electronic recordkeeping system.

Initially, the FBI's rule is being applied to new IT systems, but eventually, the Records Management Division will apply the process to existing systems.

The process allows a system to receive interim authority to operate if it will take some time to carry out the changes required to make it compliant. Under the same process, a designated official can grant emergency authority to operate systems that need to be created quickly to deal with emergencies, such as the sniper attacks in the Washington, D.C., region in 2002.

Most agencies put the onus on the records officer to ensure appropriate handling of electronic records. The FBI's novel approach shifts much of the burden to the source of the information — the IT system that contains the records and the system's owner.

In the interest of full disclosure, I served as a consultant to the contractor that helped develop the FBI's project. All of the ideas for the process, however, originated in the bureau's Records Management Division.

I believe that the FBI has a superb idea that has value for every government agency. The idea is so good, in fact, that the Office of Management and Budget should consider incorporating it into everyone's favorite pest, OMB's Exhibit 300.

I recommend deleting the lines in Exhibit 300 under IT investments that pertain to electronic records and the Government Paperwork Elimination Act. That act has only limited applicability to public information collections. The Exhibit 300 form could be modified to ask: Does this investment implement electronic transactions or recordkeeping covered by the Federal Records Act? If so, is the system certified as being in compliance with 5015.2-STD?

That one change could largely solve the problem of capturing federal electronic records. Whether or not OMB acts on my suggestion, kudos to the FBI for developing and applying an effective way of managing federal records that are born digital.

Sprehe is president of Sprehe Information Management Associates in Washington, D.C. He can be reached at jtsprehe@jtsprehe.com.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group