ODNI tests Justice security control application

The Office of the Director of National Intelligence is testing a Justice Department application that automates many of the tasks of certifying and accrediting information systems, said Dennis Heretick, Justice’s chief information security officer.

The test joins two efforts that aim to help agencies improve their information technology security by revitalizing the certification and accreditation (C&A) process to comply with the Federal Information Security Management Act. The efforts are part of a move toward a unified federal approach to certification and accreditation.

ODNI and the Defense Department are working to converge common security standards for C&A across the national security community, an initiative that Dale Meyerrose, ODNI’s chief information officer, and DOD CIO John Grimes initiated last year, said Sharon Ehlers, ODNI’s lead for the C&A effort. At the same time, Ron Ross, a senior computer scientist at the National Institute of Standards and Technology, has produced a common framework for risk management.

“Once national security agrees on standards later this year, we will work with Ron Ross to converge them as one group of federal standards under NIST,” Ehlers said Oct. 23 at the Federal Information Assurance Conference in College Park, Md. Ehlers said she anticipates the national security standards convergence to be completed by the end of fiscal 2008.

The goal of federal security standards is not only to simplify reporting for FISMA compliance but to encourage information sharing, Heretick said. Justice is a shared service center under the Information Systems Security Line of Business consolidation initiative with 15 departments and agencies planning to migrate to its FISMA services.

ODNI is testing Justice’s control authoring tool that lets agencies conduct risk management and assess security controls electronically instead of checking against a static paper checklist, said Ken Gandola, a Northrop Grumman contractor who provides IT security support. Other agencies use this application, but the intelligence community is only testing it. The control application makes use of data stored in Justice’s Cyber Security Assessment and Management database of security requirements, controls, systems inventory and security categories.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.