FISMA Goals Outlined for FY 2009

Published, January 13, 2009

The Department of the Navy released its Federal Information Security Management Act (FISMA) Goals for FY09 in Naval message DTG 081605Z JAN 09. This Naval message provides requirements for individual systems to achieve and maintain 100 percent compliance with the required certification and accreditation, annual security review, annual testing of security controls, and annual evaluation of contingency plans.

The message also highlights quarterly reporting requirements and the consequences of non-compliance. In accordance with the DON IT Policy Guidance for FY09, systems not in compliance with the FISMA requirements (listed in the Naval message) at the end of each quarterly reporting period will have a development/modernization funding restriction applied. This restriction will allow expenditure of funds only to achieve FISMA compliance.

Maintaining FISMA compliance is critical to ensuring the security of the Department’s IT assets. This is imperative as the number of attacks on the Department’s systems and assets steadily increases.