U.S. Department of Health and Human Services
Each of these laws and regulations is a major contributing factor to the system security landscape. As an IT Administrator, you need to know what each of these laws or regulations requires of you to ensure your system is in compliance.
Compliance ensures that HHS is taking a risk-based approach toward protecting information resources. However, complying with the array of security requirements found in Federal laws, standards, and agency policy is a challenge. Within HHS, the Office of Inspector General helps by providing oversight.
FISMA takes a multi-faceted approach toward information security. Progress toward improving the security posture of HHS is measured by POA&M submissions. Metrics, provided by HHS in the annual FISMA report, are used to help measure compliance.