GSA’s E-Gov Travel Program required development of initial security requirements and continued support for analysis of scan results and Plans of Actions and Milestones (POA&Ms) for the lifecycle of the program. Cross agency collaboration was required to develop the requirements and provide continued support. Timely and compliant security assessments must meet the needs of participating federal civilian agencies.
- Provide an Information System Security Officer (ISSO) to enable timely and effective communications.
- Create and implement Security Management Plan.
- Review/analyze security documentation, vender deliverables/artifacts, and MOU/ISA renewals
- Provide feedback to vendors
- Report information systems residual risk to management
- Remain updated on current security alerts and vulnerabilities and provide mitigation recommendations
- Maintain Authority to Operate (ATO) through scans, POA&Ms and documentation review
- Coordinate stakeholders for ATO renewal when necessary
- Ensure security documentation is updated for Authorizing Official’s(AO) review for ATO
- Support AO during A&A
- Assess security impact of changes to the system
- Provide recommended updates to the system security plan
SiloSmashers has enhanced the background investigation (BI) process — vendors are now invoiced for background investigations and allows agencies to recover BI costs. We have processed over 200 applicants in the past year for background investigations on target to save $300K of taxpayer money. This best practice will be used as a model for SmartPay and FedRAMP once it is completed.
•Avoided $40 million in security costs over 15 year contract life.
•E-Gove Travel System Security is a model within GSA for shared service solutions.
Travel and Transportation Results:
•Faster time to implement new solution
•Collaborative environment created through transparent security documents availability
•Agencies avoid duplication of security tasks
•Cost savings for agencies for unnecessary security related itemsSingle point of contact for security