Spring is coming early in 3/4 of national parks, according to a new study. Awesome? Not so much. As flowers bloom earlier every year, it’s disrupting the link between the wildflowers and the arrival of birds, bees, and butterflies that feed on and pollinate the flowers. In Shenandoah, an earlier spring is giving invasive plants a head start, and they’re displacing native wildflowers, leading to costly management issues.
Before the 1960s almost everything about living openly as a lesbian, gay, bisexual, or transgender (LGBT) person was illegal. New York City laws against homosexual activities were particularly harsh. The Stonewall Uprising on June 28, 1969 is a milestone in the quest for LGBT civil rights and provided momentum for a movement.
Vine Creek Ranch at Death Valley National Park. Steady drought and record summer heat make Death Valley a land of extremes. Towering peaks are frosted with winter snow. Rare rainstorms bring vast fields of wildflowers. Lush oases harbor tiny fish and refuge for wildlife and humans. Despite its morbid name, a great diversity of life survives in Death Valley.
Located 2,600 miles southwest of Hawaii, the National Park of American Samoa is the most remote unit of the National Park System and the U.S. National Park south of the Equator. The Park spreads across three islands, 9,500 acres of tropical rainforest, and 4,000 acres of ocean, including coral reefs. While remote, the islands of American Samoa, true to the meaning of the word Samoa (Islands of Sacred Earth), are welcoming and offer beautiful landscapes and centuries of culture and history.
Certification and Accreditation is required by the Federal Information Security Management Act (FISMA) of 2002. All systems and applications supporting Federal government agencies must go through a formal C&A before being put into production, and every three years thereafter. Certification is the comprehensive evaluation of the technical and non-technical security features of an information system and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements. Accreditation is a formal declaration by the Authorizing Official (AO) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk to the Agency.
OCIO provides Certification and Accreditation services through a proven engagement methodology that ensures customer readiness and efficient delivery, minimizing impact to your technology support teams.
OCIO's Information Systems Security Line of Business Center of Excellence (ISSLOB COE) performs the development, update and review of all required security documentation, provide C&A consultation services to the information system personnel, and performs an independent assessment on the information system to ensure all required system security controls are in place, implemented correctly and operating as intended. All services are implemented in accordance with the guidelines specified within NIST 800-37, Certification and Accreditation.
NIST 800-37 establishes a standard security certification and accreditation process to be used throughout the Federal Government. The NIST process is designed to be adaptable to any type of information system and any computing environment and mission within the government.
Our A&A Services
In the Initiation Phase, the certification agent (OCIO) analyzes the security documentation supporting the information system. The purpose of the initiation phase is to ensure that the Authorizing Official (AO) and the client's Chief Information Security Officer (CISO) are in agreement with the contents of the System Security Plan (SSP). In the Initiation Phase we review:
System Characterization Assessment
System Security Categorization Assessment
Privacy Impact Assessment
System Security Plan
Contingency/Disaster Recovery Plan
Security Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation. The purpose of our testing is to determine if the controls are implemented correct, operating as intended and producing the desired control described in the System Security Plan. Activities include:
Security Test and Evaluation Plan
Security Assessment Report
Plan of Action and Milestones
Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Activities include:
A&A Package Review
Authorization Package Submission
Customized C&A Services
OCIO offers customized C&A services to include:
System Development Lifecycle A&A Services Integration
Pre-Deployment Certification and Accreditation
In-flight Annual Reviews
CP/DR Test, Compliance Verification (Optional)
In addition to the basic C&A package, OCIO can provide assistance creating or updating the following:
A&A Documentation Preparation
Security Technical Guidelines
Security Awareness and Training Plan
Configuration Management Plan
Patch Management Plan
Rules of Behavior
Contingency/Disaster Recovery Plan
Incident Response Plan
Continuous Monitoring Plan
No separate contract is required. No sole source justification is required.
The OCIO ISSLOB COE is positioned to provide C&A services to DOI and federal government agencies. As an OMB designated ISSLOB, work is initiated through an Inter-Agency Agreement (IAA) with the Interior Business Center Line of Business.
The IAA will reference an agreed upon Memorandum of Understanding, with supporting Proposal, Statement of Work and Rules of Engagement documents. Authority Under Which C&A is Provided: Economy Act — 31 USC 1535 and Working Capital Fund, 43 USC 1467, 1468.
For Additional Information:
Please contact the OCIO ISSLOB at ISSLOB@nbc or 303-969-5700.