DHS IT Security System Earns Top Marks for FISMA Compliance; Jaime Vargas Comments

The recent Federal Information Security Management Act report named the Department of Homeland Security as the top performer in an assessment of federal agencies’ compliance with IT security standards, GCN reported Thursday.

DHS’ continuous monitoring system, which is run by the department’s Office of the Inspector General, received a score of 99 for the second consecutive year, William Jackson reports.

According to OIG Chief Information Security Officer Jaime Vargas, the DHS system is shifting the focus from process to results and placing a measure of accountability on each operational unit.

He said DHS practices both departmentwide FISMA compliance checks and per-office IT systems security management, with OIG playing a critical role.

“One of the challenges the IG has is that we don’t set our own policies, we follow the policies of the department at large. At the same time, we are expected to set an example in order to be credible.”

The system combines commercial solutions for vulnerability scanning, such as Tenable Network Security’s Nessus and Microsoft’s Active Directory, and open source tools for systems management that were initially met with resistance, Jackson writes.

“[When] you get some code and some smart people working on it, they can actually leverage it and get something that works,” Vargas said.

OIG schedules the vulnerability tests every 10 days, reports the results and speed of response, and applies the risk management framework implemented by the National Institute of Standards and Technology.

However, Jackson notes that compliance does not necessarily lead to security, another challenge faced by agencies alongside the changing security and reporting guidelines.

“Traditionally, security has been a tradeoff,” said Vargas, but he also believes the visibility into the systems that the tests provide has helped boost security.
