A rugged, whitewater river flowing northward through deep canyons, the New River is among the oldest rivers on the continent. New River Gorge National River in West Virginia encompasses over 70,000 acres of land along the New River, is rich in cultural and natural history, and offers an abundance of scenic and recreational opportunities.
Big Southern Butte is one of two domes rising from a sea of basalt near the center of the eastern Snake River Plain in Idaho. The butte is one of the largest volcanic domes in the world, but at 300,000 years old it is also one of the youngest. Hikers who trek to the 7,550-foot high summit are rewarded with spectacular panoramic views. Photo by Devin Englestead, BLM Upper Snake Wildlife Biologist.
First light at Bosque del Apache National Wildlife Refuge in New Mexico. Established in November 22, 1939, the refuge has provided a critical stopover and wintering spot for thousands of sandhill cranes, geese and other waterfowl for 75 years. Bosque del Apache's sandhill crane population has multiplied from 18 birds in the 1840s to more than 20,000 birds today. Photo by Kim Hang Dessoliers (www.sharetheexperience.org).
Information Assurance Division's services have been restructured to support the overall IT Transformation objective of defragmenting Information Technology and increasing the ability to deliver reliable, cost-effective, enterprise-wide IT services efficiently.
Functions of the Information Assurance Division include:
Developing Enterprise IT Security policies, standards, guidelines and procedures
Ensuring the Confidentiality, Integrity and Availability of DOI Information and Systems
Oversight of System Assessments & Authorizations across the Department
Support for the Department's Cyber Security Assessment and Management (CSAM) system allowing for the oversight of A&A packages and Plan of Action and Milestone (POA&M) reporting
Management of Office of the Secretary (OS) POA&M items in CSAM
Developing an Enterprise Risk Management Framework
Establishing an Enterprise Continuous Monitoring Program
Developing Privacy Act policies, standards, guidelines and procedures
Identifying relevant IT infrastructure controls for implementation to meet Privacy Act requirements
The Information Assurance Division's revised structure is comprised of the following functional areas:
Enterprise IT Security Policy and Planning
Enterprise Assessment and Authorization Oversight
IT Security Education, Awareness and Training
IT Security Program Management including Information Technology Security Team (ITST) Coordination
IT Security Policy and Planning
DOI IT security policies are created to set management expectations for securing IT systems and ensuring clear guidelines are defined for system user behavior, and ensuring consistent system performance. They are necessary for compliance with federal mandates, such as the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) memoranda and circulars, National Institute of Standards and Technology (NIST) guidance, and industry best practices.
Assessment and Authorization Management
Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Required by OMB Circular A-130, Appendix III, security accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an information system, given mission requirements, technical constraints, operational constraints, and cost/schedule constraints. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation.
IT Security Education, Awareness and Training
Awareness training plays an important role in achieving the Department's goals for information security and privacy. Annual information security and privacy awareness training is provided to all DOI employees, and others who have access to DOI information systems. The training objectives are to enhance awareness of the threats to, and vulnerabilities of, information systems; and to encourage the use of good information security practices within the Department.
The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to help ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the DOI CISO with membership comprised of Bureau CISOs and representatives from the Inspector General's office. The team works on issues relating to information security such as policy, procedures, security technologies and reporting to oversight agencies.