The Department of Homeland Security (DHS) issued a request for information (RFI) on July 16 for Information Assurance Compliance System (IACS) tools that can support FISMA (Federal Information Security Modernization Act) compliance checks and reporting.
The RFI notes that DHS is looking to upgrade its tools to “meet the new challenges of FISMA tracking and reporting.” DHS focuses on the need for better inventorying of information systems and interconnections with other systems and networks.
“The main objective of this document is to define traceable and verifiable system requirements for improving the effectiveness and efficiency of IACS tools,” the RFI states.
To set the requirements for the department, DHS notes that it underwent a large requirements gathering effort, consulting each of its component agencies. The list is indeed long – DHS outlines 103 data requirements, 159 interface requirements, 127 process requirements, and 94 security and privacy requirements, among other requirements, focused solely on FISMA compliance.
“Although identifying the requirements for a system as complex and nuanced as IACS is overwhelming, this major undertaking is necessary to improving OCISO services across the Department, and helping DHS to advance its mission,” the RFI states. “Note that many other requirements may arise due to the implementation of CDM program, as well as amendments on the current policies, plans, guidelines, rules, standards, and legislations, etc.”
Industry comments on DHS’ requirements are due by July 31.