Federal Energy Regulatory Commission

Information Security and Systems Assurance Division

The Information Security and Systems Assurance Division is responsible for the management and oversight of the Commission cyber security and systems assurance programs.

Major areas of responsibility are:

  1. Develop and maintain the IT Security Framework for the Commission, which consists of the Security Architecture, Security Policies and Procedures, and the Security Strategic Plan.

  2. Participate in Enterprise Architecture management activities and the Technology Performance Management Program.

  3. Serve as COTR for the IT Security Support Contract and any other contracts for IT-related services as designated.

  4. Develop and implement security policies and practices to protect the Commission infrastructure and IT assets.

  5. Oversee and facilitate the functions of the Chief Information Security Officer to include: overall governance of IT security functions including development and management of IT security mission, mandates, and policies; IT security training and awareness development; IT security project portfolio development; and supervision or management of ethical hackers.

  6. Ensure Commission compliance with all IT standards and Federal mandates pertaining to security, including the Federal Information Security Management Act (FISMA).

  7. Promote general IT security awareness and readiness.

  8. Coordinate IT security incident response efforts.

  9. Implement and oversee an enterprise security architecture including firewalls, virus protection, access management, host security, encryption, intrusion detection, network monitoring and Virtual Private Network (VPN).

  10. Oversee the Commission systems assurance program including IT Continuity of Operations Strategy, Quality Assurance, Testing and Evaluation of technologies to be deployed, deployment of custom applications and maintenance of the Commission System Development Life Cycle (SDLC) methodology.

  11. Oversee and manage Independent Validation and Verification of IT initiatives and associated contractors.

  12. Conduct and manage all independent audits and artifacts within a centralized repository.

  13. Implement and manage CIO Configuration Management policies, procedures and repositories, including management of all baselines.

  14. Manage the Configuration Change Control Board, utilizing the configuration policies to ensure stability in the IT infrastructure.

  15. Responsible for the Commission's compliance with the FISMA reporting on the Privacy Act and the Commission's Privacy Program.

  16. Responsible for training of users on all IT Security and Privacy issues, guidelines and procedures implemented at the FERC.

  17. Act as the CIO liaison on all audits including the yearly audit from the DOE Inspector General and A-123 audits.

  18. Responsible for management of CIO Knowledge Management repositories.