U.S. Department of Transportation

In 2010, the U.S. Department of Transportation (DOT) received its annual Federal Information Security Management Act (FISMA) audit from the Office of the Inspector General. As at many fellow agencies, the 2010 FISMA audit brought a new list of recommendations that were added to an existing list of open recommendations from previous audits. The department decided that FY11 would mark the year in which a structured, coordinated, and programmatic approach would be used to manage, track, and close recommendations in an expedited manner. To accomplish this goal, a team with strong program management skills and security expertise was required to support the Chief Information Security Officer and the Chief Information Officer.

Why This Matters To You

Cybersecurity is a growing challenge across both the public and private sectors in the wake of continued connectivity and reliance on technology. Critical infrastructure, including the nation's air traffic control system and high-speed rail, relies on a vast network of information technology that must operate in a secure environment.

The DOT recognizes the criticality of its systems and the opportunity to enhance its security program to benefit both the traveling public and the nation's economy. As such, ensuring that the department adheres to the guidance provided by other agencies, such as the National Institute of Standards and Technology (NIST), to implement the most current security standards, and that it remediates known vulnerabilities, is of both operational and strategic importance. Removing these weaknesses will move the department from a defensive posture to a proactive position where its security experts can focus on emerging threats and technologies before new vulnerabilities emerge.

How We Helped

Phase One was selected to support the department's Cybersecurity, Privacy, and Information Assurance Team. Given the role of providing overall coordination and program management support, the team worked with individual work stream leads to establish an Integrated Program Team to determine key milestones and appropriate measures to show progress for each of the recommendations.

The team also developed an integrated master schedule to communicate the dependencies between work streams and track progress across recommendations from FISMA as well as additional reports with information-security-related findings.

Additionally, Phase One worked with the Information System Security Managers from the Operating Administrations, such as the Federal Aviation Administration (FAA) and Federal Highway Administration (FHWA), to develop policy to close gaps and to require the implementation of proper security controls.