The Federal Information Security Management Act (FISMA) is designed to help Federal CIOs move toward a comprehensive process of information security across their agencies. However, FISMA has been criticized as just a checklist used by IGs for compliance. This article by Jason Miller at Federal News Radio discusses the subject and how the auditors and operators may be moving towards a more effective process:
IGs, IT executives to experience a FISMA détente
Summary: As OMB finalizes new FISMA metrics for 2016, agencies and IGs continue to struggle with a disconnect over risk versus compliance.
Jim Quinn, the lead system engineer for the Department of Homeland Security’s continuous diagnostics and mitigation (CDM) program, said too often IGs rely on checklists to determine whether or not agencies complied with the policy and law requirements.
“They have a standard pro-forma checklist that says ‘Have you done A, B and C?’ with no acknowledgement of whether A, B and C are really things that are important to what you are trying to achieve or whether you have done other things to make those controls less relevant because you’ve put compensating things in that limits your risk on them,” he said. “I think that this is one of the challenges, even looking at things like Federal Information Security Management Act (FISMA) metrics is how do we allow the agencies and departments and the mission groups to really be able to say ‘You have to look at the risk I’m willing to take in the context of what I am doing.’”
2ndWave has worked with several Federal agencies to help them provide a shared service, evaluate available shared services, and migrate to a shared service for financial and grants management systems. Transitioning to a shared service or to becoming a shared service provider presents challenges to any Federal agency because of the risks involved, the lack of experience many agencies have in either role, and the potential lack of direct control. Further, agencies have to consider how well shared service providers meet their requirements and how they plan to refresh their services over time to reflect technological and process innovation.
Another area of concern is a lack of governing legislation. Unlike other aspects of their business process that are supported by legislation such as the CFO Act and the Clinger-Cohen Act, Federal CFOs and CIOs are not similarly supported by legislation defining how agencies should both produce and consume shared services.
This commentary by John Marshall of the Shared Services Leadership Coalition from Federal Computer Week published June 22, 2015, makes a strong case for why legislation is needed to help drive better and faster progress in the movement of Federal agencies to shared services. It is an interesting perspective that adds to the overall dialog on Federal Shared Services.
Federal shared services: Why legislation is necessary
2ndWave LLC welcomes Mr. Morris Zwick to the team. Mr. Zwick joined the firm on August 1, 2015 as Director of Enterprise Systems.
Mr. Zwick is a Technologist and Program Manager who has over 20 years of experience managing the delivery and implementation of large enterprise technology solutions for civilian, defense, and international government organizations and private sector clients. He is a former consulting partner at PricewaterhouseCoopers and executive at IBM Global Services.
Mr. Zwick specializes in delivering Enterprise-Wide financial management systems, especially based on Oracle Federal Financials, grants management, and other enterprise-wide technology solutions. He has a strong emphasis on value-engineering and innovation to deliver systems that leverage technology in cost-effective ways.
Mr. Zwick has a Bachelor of Science in Electrical Engineering and a Master of Business Administration, both from the University of Maryland, College Park.
2ndWave LLC announces that the Small Business Administration (SBA) certified us as a Section 8(a) small disadvantaged business on July 1, 2015. This certification opens additional vehicles for our Federal clients to access our services to tackle their difficult challenges rapidly. 2ndWave has already been certified as a Service-Disabled Veteran-Owned Small Business (SDVOSB) by the SBA. With these certifications, Federal agencies can help meet their socioeconomic contracting goals while gaining access to the experienced, certified 2ndWave team.