FISMA compliance is a must for shared-services providers

Industry shared-services providers to the government for human resources or financial management services might want to listen carefully to Karen Evans' message for them: She doesn't care what they call themselves ? center of excellence or shared-services provider or whatever ? but don't bother jumping into the scrum without complying with the Federal Information Security Management Act.

While it is obvious that agencies have to comply with the computer security mandate, Evans, the Office of Management and Budget's administrator for e-government and IT, said there have been a lot of questions about exactly what being FISMA compliant means.

"Vendors' shared-services providers need to have their systems certified and accredited under the FISMA guidelines," said Evans after speaking at an event on the Financial Management Line of Business in Washington sponsored by IBM Corp. and SAP of America Inc. of Newton Square, Pa. "Agencies and their inspector[s] general need to check to make sure contractors have met FISMA."

But, she added, it is incumbent on agency officials to ask vendors for the documentation that proves FISMA compliance. Evans said it also will show how much "residual risk" the systems have.

Evans said the foundation for the lines of business have been laid, and now it is a matter of moving to them. She said that while the focus has been on larger departments, the smaller agencies have benefited most from the shared-services provider concept.

"The service centers help small agencies accelerate ? [their] compliance with financial-management requirements," Evans said.

Evans also pointed to the Interior Department's recent launch of its new financial management system as a good example of a public-private partnership. Interior partnered with IBM to implement its Financial Business Modernization System at two bureaus last month.

"I was there when it came up live, and it was a noneventful event, which is what we like," she said. "We got to see the policies operationalized, and that was exciting."

Jason Miller is assistant managing editor of Washington Technology's affiliate publication, Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.