Visit Arches and discover a landscape of contrasting colors, landforms and textures unlike any other in the world. The park has over 2,000 natural stone arches, in addition to hundreds of soaring pinnacles, massive fins and giant balanced rocks. This red rock wonderland will amaze you with its formations, refresh you with its trails, and inspire you with its sunsets.
A rugged, whitewater river flowing northward through deep canyons, the New River is among the oldest rivers on the continent. New River Gorge National River in West Virginia encompasses over 70,000 acres of land along the New River, is rich in cultural and natural history, and offers an abundance of scenic and recreational opportunities.
Denali is six million acres of wild land, bisected by one ribbon of road. Travelers along it see the relatively low-elevation taiga forest give way to high alpine tundra and snowy mountains, culminating in North America's tallest peak, 20,310' Denali. Wild animals large and small roam un-fenced lands, living as they have for ages. Solitude, tranquility and wilderness await.
Information Assurance Division's services have been restructured to support the overall IT Transformation objective of defragmenting Information Technology and increasing the ability to deliver reliable, cost-effective, enterprise-wide IT services efficiently.
Functions of the Information Assurance Division include:
Developing Enterprise IT Security policies, standards, guidelines and procedures
Ensuring the Confidentiality, Integrity and Availability of DOI Information and Systems
Oversight of System Assessments & Authorizations across the Department
Support for the Department's Cyber Security Assessment and Management (CSAM) system allowing for the oversight of A&A packages and Plan of Action and Milestone (POA&M) reporting
Management of Office of the Secretary (OS) POA&M items in CSAM
Developing an Enterprise Risk Management Framework
Establishing an Enterprise Continuous Monitoring Program
Developing Privacy Act policies, standards, guidelines and procedures
Identifying relevant IT infrastructure controls for implementation to meet Privacy Act requirements
The Information Assurance Division's revised structure is comprised of the following functional areas:
Enterprise IT Security Policy and Planning
Enterprise Assessment and Authorization Oversight
IT Security Education, Awareness and Training
IT Security Program Management including Information Technology Security Team (ITST) Coordination
IT Security Policy and Planning
DOI IT security policies are created to set management expectations for securing IT systems and ensuring clear guidelines are defined for system user behavior, and ensuring consistent system performance. They are necessary for compliance with federal mandates, such as the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) memoranda and circulars, National Institute of Standards and Technology (NIST) guidance, and industry best practices.
Assessment and Authorization Management
Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Required by OMB Circular A-130, Appendix III, security accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an information system, given mission requirements, technical constraints, operational constraints, and cost/schedule constraints. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation.
IT Security Education, Awareness and Training
Awareness training plays an important role in achieving the Department's goals for information security and privacy. Annual information security and privacy awareness training is provided to all DOI employees, and others who have access to DOI information systems. The training objectives are to enhance awareness of the threats to, and vulnerabilities of, information systems; and to encourage the use of good information security practices within the Department.
The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to help ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the DOI CISO with membership comprised of Bureau CISOs and representatives from the Inspector General's office. The team works on issues relating to information security such as policy, procedures, security technologies and reporting to oversight agencies.