Contractors struggle with federal security demands

Government IT administrators sweat over FISMA compliance, but pity the poor private-sector security officers who find they must meet the same systems security requirements.

As the Federal Information Security Management Act is pushed out to government contractors, standards for compliance are a mystery to many, said Todd Fitzgerald, systems security officer for United Government Services LLC of Milwaukee. He should know: His company has had to figure out standards to meet security requirements for its work processing medical claims.

"The thing to do is focus on policy," he advised. "Do you have a management process in place to move to the controls you need?" Fitzgerald spoke today at the Computer Security Institute's annual conference in Washington.

UGS is a major processor of Part A Medicare and Medicaid claims, handling more than 30 million hospital claims a year. The Medicare Act mandates information security standards for contractors of the Center for Medicare and Medicaid Services.

"This ties us into having to comply with FISMA requirements," Fitzgerald said.

But companies do not work directly with the Office of Management and Budget or with inspectors general, who determine FISMA compliance for agencies.

"There is a lot of good documentation available, and it is free," Fitzgerald said.

Under FISMA, the National Institute of Standards and Technology is mandated to develop guidelines and standards for compliance with the law. This material is available in NIST publications, he noted.

Contractors rely on auditors, either in-house or outside, to gauge compliance with federal requirements. Fitzgerald emphasized the value of using audit results as a guide for improving compliance, and the need to document practices and procedures.

"If it's not written down, you're not doing it," he said.

About the Author

William Jackson is a Maryland-based freelance writer.
