Cybersecurity: Information System Security Support
GSA’s E-Gov Travel Program required development of initial security requirements and continued support for analysis of scan results and Plans of Action and Milestones (POA&Ms) for the lifecycle of the program. Cross-agency collaboration was required to develop the requirements and provide continued support. Timely and compliant security assessments must meet the needs of participating federal civilian agencies.
- Provide Information System Security Officer (ISSO) support to enable the security posture of a Government-wide shared service for all federal travelers.
- Create and implement Security Management Plan.
- Review/analyze security documentation, vendor deliverables/artifacts, and MOU/ISA renewals.
- Provide feedback to vendors.
- Report information systems residual risk to management.
- Remain updated on current security alerts and vulnerabilities and provide mitigation recommendations.
- Maintain Authority to Operate (ATO) through scans, POA&Ms and documentation review.
- Coordinate stakeholders for ATO renewal when necessary.
- Ensure security documentation is updated for Authorizing Official’s (AO) review for ATO.
- Support AO during Assessment and Authorization (A&A).
- Assess security impact of changes to the system.
- Provide recommended updates to the system security plan.
SiloSmashers has enhanced the background investigation (BI) process: vendors are now invoiced for background investigations, which allows agencies to recover BI costs. We have processed over 200 applicants in the past year for background investigations and are on target to save $300K of taxpayer money. This best practice will be used as a model for SmartPay and FedRAMP once it is completed.
- Avoided $40 million in security costs over 15-year contract life.
- E-Gov Travel System Security is a model within GSA for shared service solutions.
- Travel and Transportation Results:
- Faster time to implement new solution.
- Collaborative environment created through transparent availability of security documents.
- Agencies avoid duplication of security tasks.
- Cost savings for agencies on unnecessary security-related items.