OMB: Team effort needed on FISMA

Government contractors that supply federal agencies with outsourced services must collaborate with those agencies to develop suitable arrangements for meeting requirements under the Federal Information Security Management Act, the Office of Management and Budget said this week.

In a July 14 memorandum, OMB Deputy Director for Management Clay Johnson called on contractors that provide outsourced network operations, telecommunications services and managed services to work closely with their customer agencies on both general and agency-specific requirements.

In addition, the memo charges agencies with ensuring that all FISMA requirements are set forth in contracts for outsourced work, general contractor support, and laboratory and research work. In the case of general contractor support, agencies also are responsible for ensuring that contractor employees receive training in agency security policy and procedures.

The memo also stipulates that agencies must ensure identical, not merely equivalent, security procedures. Moreover, security aspects such as annual reviews, risk assessments, security plans, control testing, contingency planning, and certification and accreditation must concur with guidance from the National Institute of Standards and Technology.

Johnson wrote that agencies and inspectors general should consult with other agencies using the same service provider and share the results of completed security reviews to avoid unnecessarily burdening the service provider with duplicative reviews.

The 40-page memo, addressed to executive departments and agency directors, was presented in a FAQ format. The material pertaining to security was set forth in Question 37, in which Johnson gave examples of agency security requirements for contractors.

The memo divided contractors into five primary categories related to securing systems and information. Those categories were service providers; contractor support; government-owned, contractor-operated facilities; laboratories and research centers; and management and operating contracts.

About the Author

William Welsh is a freelance writer covering IT and defense technology.
