OMB: Team effort needed on FISMA

Government contractors that supply federal agencies with outsourced services must collaborate with those agencies to develop suitable arrangements for meeting requirements under the Federal Information Security Management Act, the Office of Management and Budget said this week.

In a July 14 memorandum, OMB Deputy Director for Management Clay Johnson called on contractors that provide outsourced network operations, telecommunications services and managed services to work closely with their customer agencies on both general and agency-specific requirements.

In addition, the memo charges agencies with ensuring that all FISMA requirements are set forth in contracts for outsourced work, general contractor support, and laboratory and research work. In the case of general contractor support, agencies also are responsible for ensuring that contractor employees receive training in agency security policy and procedures.

The memo also stipulates that agencies must ensure identical, not merely equivalent, security procedures. Moreover, security aspects such as annual reviews, risk assessments, security plans, control testing, contingency planning, and certification and accreditation must concur with guidance from the National Institute of Standards and Technology.

Johnson wrote that agencies and inspectors general should consult with other agencies using the same service provider and share the results of completed security reviews to avoid unnecessarily burdening the service provider with duplicative reviews.

The 40-page memo, addressed to executive departments and agency directors, was presented in a FAQ format. The material pertaining to security was set forth in Question 37 in which Johnson gave examples of agency security requirements for contractors.

The memo divided contractors into five primary categories related to securing systems and information. Those categories were service providers; contractor support; government-owned, contractor-operated facilities; laboratories and research centers; and management and operating contracts.

About the Author

William Welsh is a freelance writer covering IT and defense technology.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.