Private-sector shared-services providers must be FISMA-compliant

Karen Evans has a message for industry about being a shared-services provider to the government for human resources or financial management services: She doesn’t care what you call yourself—center of excellence or shared-services provider or whatever—but don’t bother jumping into the scrum if you don’t comply with the Federal Information Security Management Act.

While it is obvious that agencies have to comply with the computer security mandate, Evans, the Office of Management and Budget’s administrator for e-government and IT, said there have been a lot of questions about exactly what being FISMA compliant means.

“Vendors’ shared-services providers need to have their systems certified and accredited under the FISMA guidelines,” said Evans after speaking at an event on the Financial Management Line of Business in Washington sponsored by IBM Corp. and SAP of America Inc. of Newtown Square, Pa. “Agencies and their inspector[s] general need to check to make sure contractors have met FISMA.”

But, she added, it is incumbent on agency officials to ask vendors for the documentation that proves FISMA compliance. Evans said it also will show how much “residual risk” the systems have.

Evans said the foundation for the lines of business has been laid, and now it is a matter of moving to them. She said that while the focus has been on larger departments, the smaller agencies have benefited most from the shared-services provider concept.

“The service centers help small agencies accelerate … [their] compliance with financial-management requirements,” Evans said.

Evans also pointed to the Interior Department’s recent launch of its new financial management system as a good example of a public-private partnership. Interior partnered with IBM to implement its Financial Business Modernization System at two bureaus last month.

“I was there when it came up live, and it was a noneventful event, which is what we like,” she said. “We got to see the policies operationalized, and that was exciting.”
