FISMA Corrective action plans
OVERVIEW
• Background
• Components and Guidelines
• Frequently Asked Questions
BACKGROUND
• Corrective Action Plans (CAPs) are a requirement of FISMA.
• CAPs make FISMA an ongoing process. They ensure risks are corrected, not just identified.
• They cover a period of time, not a point in time.
COMPONENTS
• Include all risks where action has not been fully implemented.
• Describe the action taken so far.
• Describe additional action to be taken.
• State when additional action will be implemented.
GUIDELINES
• There is no required format.
• The plan must be UPDATED every six months.
• Last year’s risks are not required to be included in the new action plan.
QUESTION #1 What are the consequences if our department does not complete these CAPs?
ANSWER #1
• The same as not submitting a FISMA Report.
• The department will be posted to the non-compliers list.
• A Finance representative may contact the department for follow-up.
• Program Budget Managers may be notified.
• BCPs may be declined.
QUESTION #2 Where should I send my CAPs?
ANSWER #2 CAPs are required to be sent to FISMAhotline@dof.ca.gov
QUESTION #3 I’m unclear when the first CAP is supposed to be submitted.
ANSWER #3 6 months from REPORT DATE. Timeline (from the slide):
• FISMA Report Dated 12/31/11 (Dec)
• CAP due 1/30/12 (Jan), 30 days from REPORT DATE, ONLY IF it was not included with the report
• 2nd CAP Due 6/30/12 (Jun)
• 3rd CAP Due 12/31/12 (Dec)
QUESTION #4 Is the CAP required to be posted to the Transparency website?
ANSWER #4 No. Only the FISMA Report is required to be posted.
QUESTION #5 If there are risks not fully mitigated/corrected by the end of the FISMA period, do they have to be included in the next FISMA report?
ANSWER #5 Only if management still considers them a risk. Prior risks should be considered in the subsequent risk assessment process.
QUESTION #6 Some of our corrective actions have an “ongoing” completion date. Even if all other corrective action is complete, do I have to continue submitting CAPs?
ANSWER #6 Likely no. Corrective action is, by nature, ongoing. Usually when corrective action indicates an “ongoing” completion date, the action has already been taken.
QUESTION #7 Part of our department’s corrective action was contingent upon a Budget Change Proposal (BCP). What do we do if it has been denied?
ANSWER #7 BCPs are not considered corrective action for FISMA purposes. Government Code §13407 states the provisions of FISMA should be carried out using existing resources; this includes the establishment and maintenance of internal controls.