IT Security Office of the Chief Information Security Officer

The Chief Information Security Officer (CISO) manages the GSA Information Technology (IT) Security Office (OCISO), which is responsible for the development and maintenance of the GSA IT Security Program. The OCISO provides services and expertise across the agency to implement and maintain the IT Security Program, and it establishes and promulgates IT security policies, procedures, controls, and guidelines.

The OCISO also monitors efforts to mitigate vulnerabilities affecting the GSA Enterprise in a timely manner, manages the annual Federal Information Security Management Act (FISMA) assessment process, and conducts continuous monitoring of GSA systems and the Agency Incident Response Program. In addition, it provides and monitors required enterprise IT security awareness and role-based training for GSA.

The Security Engineering (SecEng) Division (ISE) provides security consulting and engineering support for systems and emerging IT and IT security initiatives. In addition, it provides incident response and technical benchmarks. ISE directly supports IT division offices in developing technical security standards and architectural security standards in support of IT systems.

The Security Operations (SecOps) Division (ISO) provides real-time operational security through SOC and enterprise network security capabilities. This division supports IT division offices by providing vulnerability scanning and operational support security services at the enterprise level, including managing firewalls, intrusion prevention systems, and security information and event management (SIEM). This supports the various applications that these offices are operating.

The Policy and Compliance Division (ISP) provides management and maintenance of the GSA Plan of Action and Milestones (POA&M), the Continuous Monitoring Program, and the Security Awareness and Role Based Training programs. It also manages the process to create and maintain GSA IT security policies, and coordinates Cyber Security audits and the FISMA compliance agency reporting process. This work directly supports the IT systems that are being developed by GSA IT division offices. ISP provides information to the CISO and Authorizing Officials to monitor the implementation of the GSA IT Security policy.

The Staff Offices ISSO Services Division (IST) provides ISSO and ISSM support services to Staff Offices and Service systems. This work directly supports the IT systems that are being developed and managed by GSA IT division offices. Services provided by IST assist the CISO and Authorizing Officials during the assessment process to grant an Authority to Operate.

For GSA Privacy Program information, please refer to GSA's Privacy Program.

Last Reviewed: 2018-01-22