How does FIMSA apply to tribes - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

How does FIMSA apply to tribes

Description:

'Information systems used or operated by an agency or by a ... Co-Chairs - Doni Wilder, Rob McKinney, Adriane Burton. OGC. OTSG. OTP. OIT. DRA. 4. Assumptions ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 11
Provided by: robertm100
Category:
Tags: fimsa | apply | tribes | wilder

less

Transcript and Presenter's Notes

Title: How does FIMSA apply to tribes


1
How does FIMSA apply to tribes?
  • April 24, 2007

2
FISMA
  • Federal Information Security Management Act
    (FISMA) of 2002
  • Information systems used or operated by an
    agency or by a contractor of an agency or other
    organization on behalf of an agency.
  • Requires Certification Accreditation of all IT
    systems
  • Must be done every three years

3
FISMA Tribal Compliance Workgroup
  • Workgroup was established to determine how FISMA
    applies to tribes and to identify the least
    burdensome method to meet FISMA requirements.
  • Workgroup
  • Co-Chairs - Doni Wilder, Rob McKinney, Adriane
    Burton
  • OGC
  • OTSG
  • OTP
  • OIT
  • DRA

4
Assumptions
  • Once a site has been contracted or compacted, the
    tribe owns the data and the data is no longer
    federal.
  • Tribal data used, stored, or transmitted on IHS
    systems are protected as IHS information.
  • Tribes are not operating on behalf of the federal
    government for purposes of meeting FISMA
    requirements.

5
Interconnection
IHSnet
Tribal System
  • Advantages
  • Exchange data
  • Provide network and service
  • support
  • Centralized access to data
  • Reduce operating costs
  • Disadvantages
  • Security viruses, worms,
  • Trojans, DOS
  • Unauthorized access

The average loss due to a virus is 130,000!
6
Recommendations
  • The IHS views Tribes as business partners for
    purposes of implementing FISMA.
  • Interconnect Security Agreements (ISAs) need to
    be established between area offices and tribal
    sites. This has not been part of the AFA
    negotiation process.
  • Interconnect Security Agreements are mutually
    beneficial for the tribes and IHS. They ensure
    that both tribal and IHS data are protected.

7
Recommendations (cont)
  • Develop technical and process solutions that
    minimize impact of security requirements on both
    parties.

8
Interconnection Security Agreement
  • The ISA is a security document that specifies
    technical and security requirements for
    establishing and maintaining system
    interconnectivity.
  • It describes security controls that will be used
    to protect systems and data.
  • Contains a topological diagrams of interconnected
    systems.

9
Next Steps
  • Distribute a letter at the meeting notifying the
    tribes that IHS is developing a FISMA policy that
    will be included in the IHS Manual. Establish an
    ISC technical workgroup to identify needed
    security between IHS and tribes.
  • The Tribal FISMA Compliance Workgroup will
    develop a draft policy. (June 1st)
  • The draft policy is mailed to Tribal Leadership
    for review and comment (June 22nd)

10
Next Steps
  • Period of review and comment
  • The Final Policy is included in the IHS Manual.
    (December 2007)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "How does FIMSA apply to tribes" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!