NAVY FISMA COMPLIANCE FY06 LAST PUSH GUIDANCE:

RAAUZYUW RUENAAA0026 2301800-UUUU--RUCRNAD.
ZNR UUUUU ZUI RUEWMCF5114 2301803
R 181800Z AUG 06 ZYB MIN ZYW PSN 742894K34
FM CNO WASHINGTON DC//N6//
TO NAVADMIN
INFO RHMFIUU/CNO WASHINGTON DC//N6//
RUENAAA/CNO WASHINGTON DC//N6//
BT
UNCLAS
NAVADMIN 235/06
MSGID/GENADMIN/OPNAV N6/AUG//
SUBJ/NAVY FISMA COMPLIANCE FY06 LAST PUSH GUIDANCE//
REF/A/MSGID:DOC/CONGRESS/YMD:20021217//
REF/B/MSGID:DOC/DON/YMD:20060301//
REF/C/MSGID: DOC/SECNAVINST/YMD:20040727//
NARR/REF A IS E-GOVERNMENT ACT OF 2002, THE FEDERAL INFORMATION
SECURITY MANAGEMENT ACT (FISMA). REF B IS DEPARTMENT OF NAVY 2006
FISMA GUIDANCE. REF C IS SECNAVINST 30304A, DEPARTMENT OF NAVY (DON)
CONTINUITY OF OPERATIONS (COOP) PROGRAM.
POC/STU WHARTON /CDR/OPNAV N6122A/LOC:WASHINGTON DC
/TEL:(703) 604-7736/EMAIL:STEWART.WHARTON@NAVY.MIL//
GENTEXT/REMARKS/1. THIS NAVADMIN PROMULGATES A NAVY-WIDE STRATEGY TO
PROVIDE A LAST PUSH TO IMPROVE DOD SYSTEM STATUS FOR FISMA REPORTING
TO OMB AND CONGRESS.
2. BACKGROUND.  REF A REQUIRES FEDERAL AGENCIES TO CERTIFY AND
ACCREDIT THEIR INFORMATION TECHNOLOGY (IT) SYSTEMS, CONDUCT ANNUAL
SECURITY REVIEWS, PLAN AND REVIEW CONTINGENCY PLANS, TRAIN AND
OVERSEE PERSONNEL WITH SIGNIFICANT IA RESPONSIBILITIES, AND ANNUALLY
SUBMIT REPORTS PROVIDING STATUS OF INFORMATION SECURITY WITHIN DOD.
3.  THE OFFICE OF THE SECRETARY OF DEFENSE (OSD) HAS MANDATED THE DOD
IT PORTFOLIO REGISTRY (DITPR) AS THE SYSTEM TO BE USED TO TRACK AND
REPORT FISMA INFORMATION TO THE OFFICE OF MANAGEMENT AND BUDGET (OMB)
AND THE CONGRESS.  ADDITIONALLY, THE DOD INSPECTOR GENERAL (IG), AND
SUBSEQUENTLY THE NAVAL AUDIT SERVICE WILL CONDUCT INQUIRIES TO
EVALUATE THE C&A STATUS OF DOD IT SYSTEMS.
4. THE JOINT CHIEFS OF STAFF (JCS) HAS PROMULGATED A REQUEST THAT ALL
SERVICES TAKE A HARD TURN ON COMPLETING AND DOCUMENTING SPECIFIC
FISMA REPORTING AREAS. THESE AREAS INCLUDE:
A. CLOSE OUT AND DOCUMENT AUTHORITY TO OPERATE (ATO) ACTIONS AND
UPLOAD TO DITPR-DON.
B. ENSURE EACH SYSTEM LOADED IN DITPR-DON COMPLETES AN ANNUAL
SECURITY REVIEW--FEDERAL, OMB AND DOD REQUIREMENTS REQUIRE 100%
SECURITY REVIEW OF ALL SYSTEMS ANNUALLY.  THIS CAN BE COMPLETED IN
ONE DAY SO THERE IS NO EXCUSE FOR FAILURE TO COMPLY WITH THIS ACTION.
C. CONTINGENCY OF OPERATIONS PLAN (COOP) TESTING MUST CONTINUE TO
IMPROVE.   ORGANIZATIONS CAN EXPEDITE IMPROVEMENT WITH TABLE TOP
EXERCISES AND THEN ENSURING THE RESULTS ARE DOCUMENTED IN DITPR-DON.
5. PER REF A, THE ABOVE PERORTING AREAS ARE ROUTINE, ANNUAL
REQUIREMENTS THAT NAVY NEEDS TO ENSURE ARE COMPLETED. SYSTEM
ADMINISTRATORS, INFORMATION ASSURANCE MANAGERS, AND COMMAND
INFORMATION OFFICERS ARE THE KEY TO ACCOMPLISHING THE ACTIONS IN THIS
MESSAGE.
6. ACTION.  NLT 25 AUGUST 2006 ECHELON II COMMANDERS WILL:
(A) ENSURE THAT ALL ATO S THAT HAVE BEEN GRANTED THIS FY ARE
DOCUMENTED AND UPLOADED TO DITPR-DON, AND THAT THE COMMAND HOLDS A
COPY OF THE SIGNED ATO LETTER.
(B) TAKE ACTIONS PER REF B TO COMPLETE AN ANNUAL SECURITY REVIEW AND
SECURITY CONTROLS TEST OF ALL SYSTEMS IN DITPR-DON, AND HOLD A COPY
OF THE FINDINGS AT THE COMMAND LEVEL.
(C) TAKE ACTIONS PER REF B TO COMPLETE COOP TESTING AND DOCUMENT IN
DITPR-DON, AND HOLD A COPY OF THE FINDINGS AT THE COMMAND LEVEL.
7. REPORTING. ECHELON II COMMANDERS ENSURE COMPLIANCE BY
DOCUMENTATION IN DITPR-DON NLT 25 AUGUST 2006.
8. RELEASED BY VICE ADMIRAL MARK EDWARDS, N6.
BT
#0026







NNNN