Has the agency conducted a risk assessment, and identified and implemented appropriate technical, administrative, and operational security controls?
A C&A for the FAA IDMS system was completed on December 4, 2007. A Risk Assessment is being performed as part of this system C&A. Section 9.0 Analysis and Assessment 9.1. Whether or not competing technologies were evaluated, describe how data integrity, privacy, and security were analyzed as part of the decisions made for your system(s). The data integrity, privacy, and security for the IDMS system were reviewed as part of the C&A being performed for the system. In addition, these requirements were also reviewed as part of the C&A performed on the PCI organization in accordance with NIST 800-79 requirements. A Privacy Impact Assessment (PIA) has been completed for the IDMS system. A similar PIA and the SORN have been generated and published for the Investigations Tracking System that is the source for the PII data being used by the IDMS system. 9.2 Did you evaluate competing technologies to assess and compare their ability to effectively achieve the program’s goals? Yes, the program te
