Skip Navigation
Federal Energy Regulatory Commission

Text Size small medium large
Information Security and Systems Assurance Division


The Information Security and Systems Assurance Division (ISSAD) is responsible for the management and oversight of the Commission cybersecurity and systems assurance programs and the functions of the Chief Information Security Officer. ISSAD develops and maintains the IT Security Framework for the Commission, which consists of the Security Architecture, Security Policies and Procedures, and the Security Strategic Plan. ISSAD also promotes general IT security awareness and readiness to include training of users on all IT Security and Privacy issues, guidelines, and procedures implemented at the FERC. ISSAD ensures Commission compliance with all IT standards and Federal mandates pertaining to security, including the Federal Information Security Management Act (FISMA), and OMB.


  • Implement and oversee an enterprise security architecture which includes firewall logs, virus protection, access management, host security, encryption, intrusion protection, network monitoring and Virtual Private Network (VPN).

  • Act as the CIO liaison on all audits including the yearly audit from the DOE Inspector General and A-123 audits.

  • Oversee the Commission Incident Response Program and coordinate IT security incident response efforts with CIO and DOE, based on US-CERT guidelines.

  • Manage the Configuration Change Control Board

  • Implement and manage CIO Configuration Management policies, procedures and repositories, including management of all baselines

  • Oversee and facilitate the functions of the Chief Information Security Officer to include: governance of IT security functions, mission, policies, OMB mandates and management of ethical hackers

  • Ensure all mission-critical systems adequately implement security controls for confidentiality, integrity, and availability of all Commission data

  • Ensure mission-critical systems security controls are reviewed, evaluated and approved for authority to operate in production

  • Oversee and manage Independent Validation and Verification of IT initiatives and associated contractors

  • Ensure all mandated cybersecurity and privacy awareness training is conducted for all Commission employees