California Area Office

Are we required to have an Information Systems Security Officer?

Why an ISA?

What are the IHS security training requirements?"

All IHS information system users must take annual security and privacy training in order to fulfill federal mandates and regulations.

Who are the IHS California Area Security Points of Contact (POC)?

Are any data services offered by IHS such as off line backup or use auditing as required in the "Interconnection Security Agreement"?

Is there an explanation for all of the sections of the "Interconnection Security Agreement"?

We have a backup and recover system - is this good enough or is there some specific standard needed to comply with the ISA?

What is the time frame to implement each of the requirements of the "ISA"?

Define the type of encryption, or cryptographic modules we should use and where we get them.

How do you suggest we audit/monitor our users? What software should we use and who pays for the software?

Where do we find the security awareness training site? How is it used? Is this a web site? Is it a paper test?

What do you suggest we do to comply with the 24/7 requirement?

What is a "persistent connection"?

Do you have examples of the disaster recovery plan or the security plan so we have some idea what it should look like?

Where can the recommended Standard Operating Procedures (SOP's) be found?

Our site hosts our own RPMS database - do we still need to sign an Interconnection Security Agreement?

Where can we get the definition of a "security incident"?

Do we need to include a detailed Network Diagram with our ISA?

What about wireless?

Where can I learn more about the certification and accreditation process?