Information Technology Washington, District Of Columbia


In addition to the above, ISSOs shall also:
a) Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization;
b) An ISSO may be assigned to more than one system;
c) The ISSO shall have oversight responsibility to ensure proper access controls have been implemented and managed;
d) ISSO shall ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.
e) Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.
f) Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information.
g) Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.
h) Follow agreed on procedures when providing documents;
i) Collaborate with the Security Engineer in conducting security impact assessments on change to their respective FISMA systems.
j) Collaborate with the Security Operations Center in reviewing vulnerability and compliance scan results at an agreed upon frequency. Any findings in the scan results are to be tracked as a corrective action plan and managed in CSAM as a POAM.