Nature and Scope of Work
The E-Government Act of 2002 (FISMA is its Title III) required every federal agency to assess its information systems for the impact a security breach would have; systems in certain impact categories had to be reviewed by independent auditors. In 2006, BLS selected Enlightened to perform this review on three of its systems, based on our two prior FISMA reviews.
Description of Products and Services Provided to Customer
In the performance of this project, Enlightened will:
- Gather and review all security-specific documentation and artifacts relating to the Current Population Survey (CPS), Current Employment Statistics (CES), and Employment Cost Index (ECI) systems.
- Assess the potential impacts from loss of confidentiality, integrity or availability of the three systems, and impacts on BLS mission.
- Rate each system as Low, Moderate, or High impact (the FIPS 199 impact levels). (Systems rated Low may be remediated internally by BLS; Moderate or High impact systems require certification by an independent party.)
- Interview key personnel who interact with these systems for ground-truth insight into how the systems are actually operated.
- Identify and appraise the management, technical, and operational controls currently in place.
- Assess the systems against the security controls catalogued in NIST SP 800-53 and identify any deficiencies.
Enlightened has developed a security assessment methodology that addresses personnel security, physical access controls, technical and functional application controls, and hardware and firmware. Like all our engagements, this project will employ our Customer-Oriented Process Improvement (COPI) approach to apply a uniform, repeatable process that focuses on customer interests, needs, and expectations.
Outcome/Benefit to Customer
- BLS will have an in-depth appraisal of these three systems' vulnerability to compromise or destruction, and of the potential impact on BLS missions.
- BLS will have documentation identifying any weaknesses or deficiencies uncovered in the assessment, with recommendations for correcting them.
- BLS will have a baseline from which to conduct future annual security reviews.