11/05/2007
During 2000, the Chief Information Security Officer of this agency was dealing with responsibilities of certifying and accrediting Information Technology (IT) systems as part of a comprehensive Certification and Accreditation program for the whole of the Federal government. This requirement had not been fully performed or tested elsewhere and this agency was on the leading edge of compliance. Before this point, the agency had a solid reputation and a high grade in complying with Federal IT security requirements.
11/05/2007
During 2002, the network to be supported was both growing in responsibility as well as speeding up operations by moving from a five-year replenishment cycle to a three-year cycle. The original efforts were focused on scheduling the site visits to many foreign and domestic locations. However, it was rapidly clear that there were insufficient controls on the replenishment process and that Business Process Engineering efforts were required. This was followed in quick succession by the need for change control and security efforts.
11/05/2007
The work of the Information System Security Office was largely driven by compliance requirements such as the Government Information Security Reform Act of 2000 (GISRA), which was later modified by the Federal Information Security Management Act (FISMA). Growth entailed additional responsibilities for developing

INFOSEC policies and procedures, assisting in managing the configuration management system, and production of System Security Plans (SSPs) for Information Technology (IT) systems, in addition to the quarterly reporting scenarios required.
11/05/2007
The developer makes various products for use in government and commerce. Their products are used as a Major Application (MA) or are hosted on a General Support System (GSS). In either case, addition of the new product or of significant updates to an existing product could require rewrite of Certification & Accreditation documents under the Federal Information Systems Management Act (FISMA) and the Information Technology Management Reform Act (ITMRA).