Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 08/30/04 issue

Records agency automates its FISMA process

By William Jackson, GCN Staff

The government’s move toward electronic documents is producing unexpected benefits for the nation’s chief record-keeper.

“Information technology is shifting to become the core of our business and not just support,” said David Filbey, chief information security officer for the National Archives and Records Administration.

This realignment has made it easier for NARA to bring resources to bear on information assurance and on compliance with the Federal Information Security Management Act. The agency invested heavily last year in certifying and accrediting its IT systems, and now is automating the C&A and FISMA reporting processes.

“We reached 100 percent accreditation last year,” Filbey said. “The goal this fiscal year is to be able to generate the majority of the FISMA data from the system.”

The core of the system is IA Manager from Xacta Corp. of Ashburn, Va. The product uses data from operational security tools to evaluate an IT system’s security posture.

“That ties what’s happening on a day-to-day basis to the vulnerability management system,” Filbey said.

NARA pilot-tested the tool last year before rolling it out agencywide this year. The point of the program is not just FISMA compliance, but effective information assurance, Filbey said.

“The goal is to implement an IA program with a process we can follow as part of our day-to-day operations, fully integrated in our IT management,” he said.

NARA’s reorganization and its relatively small size are helping it toward this goal.

“We are the right size to move fairly quickly and be able to adjust accordingly,” Filbey said.

Not that NARA is a small organization. Although the classical National Archives building on the Mall in Washington, where the Declaration of Independence and Bill of Rights are on display, is the most familiar facility, NARA headquarters and most of its 3,000 government employees are in College Park, Md. The agency also employs 2,000 contractors and administers regional archives around the country. It helps manage the nation’s presidential libraries and provides records management for other agencies as a reimbursable service.

More news on related topics: Business Process Management, Executive Center, FISMA, Management, IT Security