Federal Information Security Management Act (FISMA) Compliance FY 2003
Executive Summary
Office of Information Technology
PBGC continues to improve its system security infrastructure and posture in compliance with the Federal Information Security Management Act of 2002. Since last year's reporting period, PBGC has improved the Enterprise Information Systems Security Program (EISSP) led by the Information Systems Security Officer. The EISSP ensures the following activities are conducted, monitored, and evaluated:
- Periodic assessments of general support and major business applications;
- Annual Security Plan updates;
- Establish policy and procedures based on risk assessments that cost-effectively reduce information security risks through exercising the System Life Cycle Management process;
- Improve security of the facilities, network operation, and information systems through periodic inspections;
- Improve Security Awareness Training by implementing Computer-Based Training and briefings with awareness videos for its annual training and for newly hired personnel;
- Conduct periodic testing and evaluation of the effectiveness of security policies, procedures, and practices;
- Improve security awareness for detecting, reporting, and responding to security incidents; and
- Conduct exercises to test continuity of operations for general support and major business systems.

Administration