Readiness Assessment of Certification and Accreditation Process
The Office of Inspector General (OIG), Information Technology Division required professional information assurance and FISMA/NIST Readiness Assessment services for the OIG’s General Support System (GSS) and six (6) application systems, all residing on the OIG GSS. Specifically, the OIG needed assistance to evaluate the current security documentation; identify gaps where controls, programs, or metrics were incomplete, missing, or ineffective; and recommend remediation, as set forth in National Institute of Standards and Technology (NIST) Special Publication 800-37 and other documentation mandated by NIST and GSA.
There were ten tasks to be performed:
Task 1: Prepare the OIG IT Security Project Plan
Task 2: Perform Risk Assessments
Task 3: Prepare the System Security Plan (SSP)
Task 4: Prepare the Security Control Assessment (SCA) Plan
Task 5: Review the IT Contingency Plan (ITCP)
Task 6: Conduct a Business Impact Analysis (BIA) on the OIG GSS, including its business line components
Task 7: Perform a Privacy Impact Assessment (PIA) for the OIG GSS and related applications
Task 8: Document any weaknesses or vulnerabilities in the Plan of Action and Milestones (POA&M)
Task 9: Perform a Penetration Test on the OIG GSS
Task 10: Prepare a “Lessons Learned” report. This report shall contain any information, including observations on GSA’s methodology, that could improve the process.