DHS putting post-FISMA approach to cyber through a trial run

From: FederalNewsRadio.com 1500AM

By Jason Miller

Agencies soon will be told to change the way they certify and accredit their computer systems.

The Office of Management and Budget is drafting a memo to move agencies away from the once-every-three-years process under the Federal Information Security Management Act.

The goal of the memo is to implement the concept of ongoing authorizations as outlined in the fiscal 2012 FISMA guidance sent to agencies in September.

In the document, OMB says agencies are expected to conduct ongoing authorizations of information systems through the implementation of continuous monitoring programs.

OMB says continuous monitoring programs fulfill the three-year security reauthorization requirement, so a separate re-authorization process is not necessary. In an effort to implement a more dynamic, risk-based security authorization process, agencies should follow the guidance in NIST Special Publication 800-37.

The Homeland Security Department is the first out of the gate in putting ongoing authorizations into place.
