NAVY FISMA COMPLIANCE FY06 LAST PUSH GUIDANCE:
RAAUZYUW RUENAAA0026 2301800-UUUU--RUCRNAD. ZNR UUUUU ZUI RUEWMCF5114 2301803 R 181800Z AUG 06 ZYB MIN ZYW PSN 742894K34 FM CNO WASHINGTON DC//N6// TO NAVADMIN INFO RHMFIUU/CNO WASHINGTON DC//N6// RUENAAA/CNO WASHINGTON DC//N6// BT UNCLAS NAVADMIN 235/06 MSGID/GENADMIN/OPNAV N6/AUG// SUBJ/NAVY FISMA COMPLIANCE FY06 LAST PUSH GUIDANCE// REF/A/MSGID:DOC/CONGRESS/YMD:20021217// REF/B/MSGID:DOC/DON/YMD:20060301// REF/C/MSGID: DOC/SECNAVINST/YMD:20040727// NARR/REF A IS E-GOVERNMENT ACT OF 2002, THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA). REF B IS DEPARTMENT OF NAVY 2006 FISMA GUIDANCE. REF C IS SECNAVINST 30304A, DEPARTMENT OF NAVY (DON) CONTINUITY OF OPERATIONS (COOP) PROGRAM. POC/STU WHARTON /CDR/OPNAV N6122A/LOC:WASHINGTON DC /TEL:(703) 604-7736/EMAIL:STEWART.WHARTON@NAVY.MIL// GENTEXT/REMARKS/1. THIS NAVADMIN PROMULGATES A NAVY-WIDE STRATEGY TO PROVIDE A LAST PUSH TO IMPROVE DOD SYSTEM STATUS FOR FISMA REPORTING TO OMB AND CONGRESS. 2. BACKGROUND. REF A REQUIRES FEDERAL AGENCIES TO CERTIFY AND ACCREDIT THEIR INFORMATION TECHNOLOGY (IT) SYSTEMS, CONDUCT ANNUAL SECURITY REVIEWS, PLAN AND REVIEW CONTINGENCY PLANS, TRAIN AND OVERSEE PERSONNEL WITH SIGNIFICANT IA RESPONSIBILITIES, AND ANNUALLY SUBMIT REPORTS PROVIDING STATUS OF INFORMATION SECURITY WITHIN DOD. 3. THE OFFICE OF THE SECRETARY OF DEFENSE (OSD) HAS MANDATED THE DOD IT PORTFOLIO REGISTRY (DITPR) AS THE SYSTEM TO BE USED TO TRACK AND REPORT FISMA INFORMATION TO THE OFFICE OF MANAGEMENT AND BUDGET (OMB) AND THE CONGRESS. ADDITIONALLY, THE DOD INSPECTOR GENERAL (IG), AND SUBSEQUENTLY THE NAVAL AUDIT SERVICE WILL CONDUCT INQUIRIES TO EVALUATE THE C&A STATUS OF DOD IT SYSTEMS. 4. THE JOINT CHIEFS OF STAFF (JCS) HAS PROMULGATED A REQUEST THAT ALL SERVICES TAKE A HARD TURN ON COMPLETING AND DOCUMENTING SPECIFIC FISMA REPORTING AREAS. THESE AREAS INCLUDE: A. CLOSE OUT AND DOCUMENT AUTHORITY TO OPERATE (ATO) ACTIONS AND UPLOAD TO DITPR-DON. B. ENSURE EACH SYSTEM LOADED IN DITPR-DON COMPLETES AN ANNUAL SECURITY REVIEW--FEDERAL, OMB AND DOD REQUIREMENTS REQUIRE 100% SECURITY REVIEW OF ALL SYSTEMS ANNUALLY. THIS CAN BE COMPLETED IN ONE DAY SO THERE IS NO EXCUSE FOR FAILURE TO COMPLY WITH THIS ACTION. C. CONTINGENCY OF OPERATIONS PLAN (COOP) TESTING MUST CONTINUE TO IMPROVE. ORGANIZATIONS CAN EXPEDITE IMPROVEMENT WITH TABLE TOP EXERCISES AND THEN ENSURING THE RESULTS ARE DOCUMENTED IN DITPR-DON. 5. PER REF A, THE ABOVE PERORTING AREAS ARE ROUTINE, ANNUAL REQUIREMENTS THAT NAVY NEEDS TO ENSURE ARE COMPLETED. SYSTEM ADMINISTRATORS, INFORMATION ASSURANCE MANAGERS, AND COMMAND INFORMATION OFFICERS ARE THE KEY TO ACCOMPLISHING THE ACTIONS IN THIS MESSAGE. 6. ACTION. NLT 25 AUGUST 2006 ECHELON II COMMANDERS WILL: (A) ENSURE THAT ALL ATO S THAT HAVE BEEN GRANTED THIS FY ARE DOCUMENTED AND UPLOADED TO DITPR-DON, AND THAT THE COMMAND HOLDS A COPY OF THE SIGNED ATO LETTER. (B) TAKE ACTIONS PER REF B TO COMPLETE AN ANNUAL SECURITY REVIEW AND SECURITY CONTROLS TEST OF ALL SYSTEMS IN DITPR-DON, AND HOLD A COPY OF THE FINDINGS AT THE COMMAND LEVEL. (C) TAKE ACTIONS PER REF B TO COMPLETE COOP TESTING AND DOCUMENT IN DITPR-DON, AND HOLD A COPY OF THE FINDINGS AT THE COMMAND LEVEL. 7. REPORTING. ECHELON II COMMANDERS ENSURE COMPLIANCE BY DOCUMENTATION IN DITPR-DON NLT 25 AUGUST 2006. 8. RELEASED BY VICE ADMIRAL MARK EDWARDS, N6. BT #0026 NNNN