FISMA compliance is a must for shared-services providers

Karen Evans, OMB's administrator for e-gov and IT, said that industry shared-services providers to the government for human resources or financial management services must comply with FISMA.

Industry shared-services providers to the government for human resources or financial management services might want to listen carefully to Karen Evans' message for them: She doesn't care what they call themselves (center of excellence or shared-services provider or whatever), but don't bother jumping into the scrum without complying with the Federal Information Security Management Act.

While it is obvious that agencies have to comply with the computer security mandate, Evans, the Office of Management and Budget's administrator for e-government and IT, said there have been a lot of questions about exactly what being FISMA compliant means.

"Vendors' shared-services providers need to have their systems certified and accredited under the FISMA guidelines," said Evans after speaking at an event on the Financial Management Line of Business in Washington sponsored by IBM Corp. and SAP of America Inc. of Newtown Square, Pa. "Agencies and their inspector[s] general need to check to make sure contractors have met FISMA."

But, she added, it is incumbent on agency officials to ask vendors for the documentation that proves FISMA compliance. Evans said it also will show how much "residual risk" the systems have.

Evans said the foundation for the lines of business has been laid, and now it is a matter of moving to them. She said that while the focus has been on larger departments, the smaller agencies have benefited most from the shared-services provider concept.

"The service centers help small agencies accelerate ... [their] compliance with financial-management requirements," Evans said.

Evans also pointed to the Interior Department's recent launch of its new financial management system as a good example of a public-private partnership. Interior partnered with IBM to implement its Financial Business Modernization System at two bureaus last month.

"I was there when it came up live, and it was a noneventful event, which is what we like," she said. "We got to see the policies operationalized, and that was exciting."

Jason Miller is assistant managing editor of Washington Technology's affiliate publication, Government Computer News.