As a son of a retailer from Allentown, PA, I witnessed firsthand the importance of providing excellent customer service.  It was fundamental to business success especially with a rapidly changing competitive landscape. Rapidly evolving technology continues to hand consumers growing power to choose how and where to buy products and services, pushing customer expectations for superior service ever higher. 

 

Federal, State and Local governments are being called upon to provide more-responsive service, improved collaboration, increased transparency, and more-proactive efforts to improve customer satisfaction. On the Federal level, virtually all previous administrations mentioned the importance of improving government service. Some accomplished great things, some made major improvements, some talked about it, some had minimal impact. The ongoing government challenge is to provide customer service on par with what citizens encounter in the private sector.

 

The foundational premise of government is to serve the citizens.  Over the past twenty years, DGI’s coverage of the topic took many forms and aligned with the government solution focus of the time.  In 1998, eGovernment was the ‘hot’ topic of the day and DGI produced educational programming focused on government websites delivering service to citizens. 

 

Early in the new decade, the focus evolved into Customer Relations Management issues with transitional guidance coming from the Educational Advisory Committee members. This evolved into focusing on the role, capabilities and importance of government Contact Centers, which led to the management and oversight of multi-channel service capabilities. In 2007, working with the Educational Advisory Committee, DGI changed the name of the annual event to the Government Customer Service Conference. As the topic evolves, so does the educational focus of the programming. The focus the last two years was Customer Experience (CX).

 

Digital Government Institute looks forward to delivering a platform to gather the service excellence community to discuss the policy, technology, and applications to improve government customer service for the next 20 years and beyond.

FISMA History

The Federal Information Security Management Act (FISMA) was enacted in 2002 as part of the E-Government Act of 2002.  The purpose of this legislation was to spotlight the importance of information security to the security interests of the country.  The Act requires each federal agency to develop, document and implement an agency-wide program to provide IT security for the information systems supporting the operations and assets of the agency including those provided by contractors.  Since 2009, Digital Government Institute has provided FISMA training seminars 2-3 times per year.

 

There has never been a time when security has been more important, not just to government but to society itself. In our data-driven, globally connected world, economic security is national security. Government performs multiple functions and, in doing so, must appropriately protect its systems and data. It must also work with the private sector in critical infrastructure sectors. Given the incredible rate of technological advances and the consumerization of IT, government is struggling to keep up.

 

One security professional who has lived through decades of IT/Security evolution is Jim Litchko. Throughout his career, including time spent in the Navy and at NSA, as well as working in the private sector (now as a renowned consultant), he has always been on the cutting edge. Mr. Litchko created (and taught) the first graduate computer security course at Johns Hopkins. A few times each year, he leaves his home in sunny Portugal and heads to DC to share his expertise with attendees at DGI-sponsored FISMA training.  Mr. Litchko’s goal is to decrease the complexity of security. Given the number of returning attendees, he must be achieving that goal. The training classes include students new to the subject as well as those with 30+ years of experience.

Important Documents

Two important documents covered in the course are NIST Special Publication 800-53 Rev. 5 (Draft) Security and Privacy Controls for Information Systems and Organizations[1] and NIST Special Publication 800-37 Rev. 2 (Draft) Risk Management Framework for Information Systems Organizations: A System Life Cycle Approach for Security and Privacy (Discussion Draft)[2]—both of which have their next iterations delayed “due to the full integration of privacy-related material”[3] still being in process.[4] He uses the NIST Cybersecurity Framework[5] as an outline for preparing System Security Plans. He prefers one document for Operations and Security—a Security Operations Plan; reasoning that they have the same goals and people should recognize the connection. The course will also cover Metrics,[6] relevant Frameworks (e.g., Risk Management Framework, System Development Life Cycle, System Security Engineering Framework, etc.), DHS activities (e.g., Automation such as Continuous Diagnostics and Mitigation,[7] as well as Trusted Internet Connections), and Cloud Computing Federal Risk and Authorization Management Program—FedRAMP.

 

The course has been offered for nine years. The materials are regularly refreshed and guest speakers from NIST and DHS provide the latest . Last year’s Cybersecurity Executive Order seemed to provide a key ingredient previously missing—accountability at the Executive level within an Agency. Time will tell whether security has improved as a result of that enticement. Agency reports are due to Congress and the Government Accountability Office by March 1, 2018.[8]

 

For more information, visit www.digitalgovernment.com

[1] https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft.

[2] https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/draft.

[3] “Planning Note (1/8/2018): Due to the full integration of privacy-related material into key NIST publications such as SP 800-37 and SP 800-53, the original production schedule has been delayed. NIST will be working with the Office of Management and Budget (OMB) to establish a new schedule of deliverables for all publications undergoing updates and will publish that schedule as soon as it is available.” https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft; https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/draft.

[4] Planning Note from January 8, 2018 had not been updated as of February 7, 2018.

[5] https://www.nist.gov/cyberframework/draft-version-11.

[6] FY 2018 CIO FISMA Metrics Version 1.0 31 October 2017 https://www.dhs.gov/sites/default/files/publications/FY%202018%20CIO%20FISMA%20Metrics_V1_Final%20508.pdf.

[7] https://www.dhs.gov/cdm.

[8] M-18-02 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES Fiscal Year 2017-2018 Guidance on Federal Information Security and Privacy Management Requirements (October 16, 2017) https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-18-02%20%28final%29.pdf.