November is Manatee Awareness Month; but no matter what time of year it is, manatees deserve to be celebrated. These amazing creatures fulfill a unique niche by serving as indicator species for ecosystems across the United States. Because of their reliance on the health of their habitat, manatees often act as a signal of their environment’s well-being. NOAA photo by Michael Buchanan.
Spring is coming early in 3/4 of national parks, according to a new study. Awesome? Not so much. As flowers bloom earlier every year, it’s disrupting the link between the wildflowers and the arrival of birds, bees, and butterflies that feed on and pollinate the flowers. In Shenandoah, an earlier spring is giving invasive plants a head start, and they’re displacing native wildflowers, leading to costly management issues.
Before the 1960s almost everything about living openly as a lesbian, gay, bisexual, or transgender (LGBT) person was illegal. New York City laws against homosexual activities were particularly harsh. The Stonewall Uprising on June 28, 1969 is a milestone in the quest for LGBT civil rights and provided momentum for a movement.
Vine Creek Ranch at Death Valley National Park. Steady drought and record summer heat make Death Valley a land of extremes. Towering peaks are frosted with winter snow. Rare rainstorms bring vast fields of wildflowers. Lush oases harbor tiny fish and refuge for wildlife and humans. Despite its morbid name, a great diversity of life survives in Death Valley.
Functions of the Information Assurance Division include:
Developing Enterprise IT Security policies, standards, guidelines and procedures
Ensuring the Confidentiality, Integrity and Availability of DOI Information and Systems
Oversight of System Assessments & Authorizations across the Department
Support for the Department's Cyber Security Assessment and Management (CSAM) system allowing for the oversight of A&A packages and Plan of Action and Milestone (POA&M) reporting
Management of Office of the Secretary (OS) POA&M items in CSAM
Developing an Enterprise Risk Management Framework
Establishing an Enterprise Continuous Monitoring Program
Developing Privacy Act policies, standards, guidelines and procedures
Identifying relevant IT infrastructure controls for implementation to meet Privacy Act requirements
The Information Assurance Division's revised structure is comprised of the following functional areas:
Enterprise IT Security Policy and Planning
Enterprise Assessment and Authorization Oversight
IT Security Education, Awareness and Training
IT Security Program Management including Information Technology Security Team (ITST) Coordination
IT Security Policy and Planning
DOI IT security policies are created to set management expectations for securing IT systems and ensuring clear guidelines are defined for system user behavior, and ensuring consistent system performance. They are necessary for compliance with federal mandates, such as the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) memoranda and circulars, National Institute of Standards and Technology (NIST) guidance, and industry best practices.
Assessment and Authorization Management
Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Required by OMB Circular A-130, Appendix III, security accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an information system, given mission requirements, technical constraints, operational constraints, and cost/schedule constraints. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation.
IT Security Education, Awareness and Training
Awareness training plays an important role in achieving the Department's goals for information security and privacy. Annual information security and privacy awareness training is provided to all DOI employees, and others who have access to DOI information systems. The training objectives are to enhance awareness of the threats to, and vulnerabilities of, information systems; and to encourage the use of good information security practices within the Department.
The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to help ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the DOI CISO with membership comprised of Bureau CISOs and representatives from the Inspector General's office. The team works on issues relating to information security such as policy, procedures, security technologies and reporting to oversight agencies.