SlideShare a Scribd company logo

It security cert_508

wardell henley
wardell henley

It security cert_508

Technology
1 of 4
Download to read offline
IT-Certification (Rev 2/2013) 1 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-SOLICITATION [ ] INFORMATION SECURITY IS NOT APPLICABLE for this RFP. [ ] INFORMATION SECURITY IS APPLICABLE and the following information is required for RFP preparation: A. INFORMATION TYPE [ ] Administrative, Management and Support Information: [ ] Mission Based Information: B. SECURITY CATEGORIES AND LEVELS Confidentiality: [ ] Low [ ] Moderate [ ] High Integrity: [ ] Low [ ] Moderate [ ] High Availability: [ ] Low [ ] Moderate [ ] High Overall: [ ] Low [ ] Moderate [ ] High C. POSITION SENSITIVITY DESIGNATIONS The following position sensitivity designations and associated clearance and investigation requirements apply under this contract: [ ] Level 6: Public Trust - High Risk (Requires Suitability Determination with a BI). Contractor employees assigned to a Level 6 position are subject to a Background Investigation (BI). [ ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with MBI or LBI). Contractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI).
IT-Certification (Rev 2/2013) 2 D. ROSPECTIVE OFFEROR NON-DISCLOSURE AGREEMENT [ ] Offerors WILL NOT require access to sensitive information in order to prepare an offer. [ ] Offerors WILL require access to sensitive information in order to prepare an offer: Description of sensitive information: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Select appropriate position sensitivity designation below. [ ] Level 6C: Sensitive - High Risk [ ] Level 5C: Sensitive - Moderate Risk CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable solicitation language prescribed in the NIH Workform, we certify that the solicitation specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name
IT-Certification (Rev 2/2013) 3 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-AWARD A. SYSTEMS SECURITY PLAN (SSP) [ ] SSP Approved. The SSP dated ______________, submitted by the contractor has been reviewed by the Government, is considered acceptable, and should be incorporated into the awarded contract. [ ] This project requires a full SSP conforming to the NIST Guide for developing Security Plans for federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf which must be submitted to the I/C, ISSO no later than 90 calendar days after the effective date of the contract. [ ] The SSP submitted by the contractor does not meet the minimum requirements for IT Security in the following area(s): [ ] Security Awareness Training [ ] Access Control [ ] Protection against data loss [ ] Malicious Code Protection [ ] Physical Security A revised SSP shall be submitted no later than 90 calendar days after the assignment of task (eg. hosting a government website) that would require such a plan. [ ] No SSP is required for this work. B. OFFEROR’S PROPOSAL [ ] Notwithstanding the information regarding the SSP, above, the offeror’s proposal dated___________, specifies appropriate security requirements necessary to comply with the Federal and Departmental policy. [ ] The offeror’s proposal dated, __________ is deficient in the following areas: ________________________________________________________________________________ ________________________________________________________________________________
IT-Certification (Rev 2/2013) 4 ________________________________________________________________________________ ________________________________________________________________________________ [ ] No Award is recommended until the offeror submits additional information to resolve the deficiencies sited above. [ ] Award may be made contingent upon the inclusion of contract language stipulating the submission of additional information resolving the deficiencies cited above. This information must be submitted no later than 90 calendar days after the effective date of this contract. CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable Contract language prescribed in the NIH Contract Workform, we certify that the contract specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name

Recommended

Request for Computer Data
Request for Computer DataRequest for Computer Data
Request for Computer Datataxman taxman
 
Loan application
Loan applicationLoan application
Loan applicationGhada Taha
 
Equity finance loan form application
Equity finance loan form applicationEquity finance loan form application
Equity finance loan form applicationEdward Musah
 
New lead feedback (2)
New lead feedback (2)New lead feedback (2)
New lead feedback (2)Gentle Hands Home Care
 
Ecowatch customer information sheet
Ecowatch customer information sheetEcowatch customer information sheet
Ecowatch customer information sheetAUDIE POSADAS
 
src
srcsrc
srcCCSE
 
Rental Application
Rental ApplicationRental Application
Rental Applicationkarlamina
 
Notice to perform (rntp)
Notice to perform (rntp)Notice to perform (rntp)
Notice to perform (rntp)cdukelow
 

Recommended

Request for Computer Data
Request for Computer DataRequest for Computer Data
Request for Computer Datataxman taxman
 
Loan application
Loan applicationLoan application
Loan applicationGhada Taha
 
Equity finance loan form application
Equity finance loan form applicationEquity finance loan form application
Equity finance loan form applicationEdward Musah
 
New lead feedback (2)
New lead feedback (2)New lead feedback (2)
New lead feedback (2)Gentle Hands Home Care
 
Ecowatch customer information sheet
Ecowatch customer information sheetEcowatch customer information sheet
Ecowatch customer information sheetAUDIE POSADAS
 
src
srcsrc
srcCCSE
 
Rental Application
Rental ApplicationRental Application
Rental Applicationkarlamina
 
Notice to perform (rntp)
Notice to perform (rntp)Notice to perform (rntp)
Notice to perform (rntp)cdukelow
 
Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaSistemadeEstudiosMed
 
SEC Form C
SEC Form CSEC Form C
SEC Form CTommy Toy
 
Papa portrait
Papa portraitPapa portrait
Papa portraitleonorarivera
 
Broker application
Broker applicationBroker application
Broker applicationArmani Khoury
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request FormDemand Metric
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation formcsd0664
 
Change Control Form
Change Control FormChange Control Form
Change Control FormR.Tarakeshwar Rao B.E,PGDM-MCP®, ITIL V3 ,PRINCE2®
 
Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01Subhajit Bhuiya
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee ComplianceKenLeebow
 
CVCF Loan Application AI v3
CVCF Loan Application AI v3CVCF Loan Application AI v3
CVCF Loan Application AI v3Anthony R. Iervolino ( DIRECT LENDER)
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxjasoninnes20
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011ruairimcginley
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionJaime Alfredo Cabrera
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditappmhuubse
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideVision Concepts Infrastructure Services Solution
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochurejcline
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloanunknown321
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentYujing Wu
 
RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdfwardell henley
 

More Related Content

Similar to It security cert_508

Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaSistemadeEstudiosMed
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request FormDemand Metric
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation formcsd0664
 
Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01Subhajit Bhuiya
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee ComplianceKenLeebow
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxjasoninnes20
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011ruairimcginley
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionJaime Alfredo Cabrera
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditappmhuubse
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochurejcline
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloanunknown321
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentYujing Wu
 

Similar to It security cert_508 (20)

Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicina
 
SEC Form C
SEC Form CSEC Form C
SEC Form C
 
Papa portrait
Papa portraitPapa portrait
Papa portrait
 
Broker application
Broker applicationBroker application
Broker application
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request Form
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation form
 
Change Control Form
Change Control FormChange Control Form
Change Control Form
 
Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01Cybersecurityvalidationchangecontrol 140617085808-phpapp01
Cybersecurityvalidationchangecontrol 140617085808-phpapp01
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance
 
CVCF Loan Application AI v3
CVCF Loan Application AI v3CVCF Loan Application AI v3
CVCF Loan Application AI v3
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal Submission
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditapp
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria Guide
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochure
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloan
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT Development
 

More from wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaperwardell henley
 

More from wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

It security cert_508

  • 1. IT-Certification (Rev 2/2013) 1 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-SOLICITATION [ ] INFORMATION SECURITY IS NOT APPLICABLE for this RFP. [ ] INFORMATION SECURITY IS APPLICABLE and the following information is required for RFP preparation: A. INFORMATION TYPE [ ] Administrative, Management and Support Information: [ ] Mission Based Information: B. SECURITY CATEGORIES AND LEVELS Confidentiality: [ ] Low [ ] Moderate [ ] High Integrity: [ ] Low [ ] Moderate [ ] High Availability: [ ] Low [ ] Moderate [ ] High Overall: [ ] Low [ ] Moderate [ ] High C. POSITION SENSITIVITY DESIGNATIONS The following position sensitivity designations and associated clearance and investigation requirements apply under this contract: [ ] Level 6: Public Trust - High Risk (Requires Suitability Determination with a BI). Contractor employees assigned to a Level 6 position are subject to a Background Investigation (BI). [ ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with MBI or LBI). Contractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI).
  • 2. IT-Certification (Rev 2/2013) 2 D. ROSPECTIVE OFFEROR NON-DISCLOSURE AGREEMENT [ ] Offerors WILL NOT require access to sensitive information in order to prepare an offer. [ ] Offerors WILL require access to sensitive information in order to prepare an offer: Description of sensitive information: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Select appropriate position sensitivity designation below. [ ] Level 6C: Sensitive - High Risk [ ] Level 5C: Sensitive - Moderate Risk CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable solicitation language prescribed in the NIH Workform, we certify that the solicitation specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name
  • 3. IT-Certification (Rev 2/2013) 3 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-AWARD A. SYSTEMS SECURITY PLAN (SSP) [ ] SSP Approved. The SSP dated ______________, submitted by the contractor has been reviewed by the Government, is considered acceptable, and should be incorporated into the awarded contract. [ ] This project requires a full SSP conforming to the NIST Guide for developing Security Plans for federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf which must be submitted to the I/C, ISSO no later than 90 calendar days after the effective date of the contract. [ ] The SSP submitted by the contractor does not meet the minimum requirements for IT Security in the following area(s): [ ] Security Awareness Training [ ] Access Control [ ] Protection against data loss [ ] Malicious Code Protection [ ] Physical Security A revised SSP shall be submitted no later than 90 calendar days after the assignment of task (eg. hosting a government website) that would require such a plan. [ ] No SSP is required for this work. B. OFFEROR’S PROPOSAL [ ] Notwithstanding the information regarding the SSP, above, the offeror’s proposal dated___________, specifies appropriate security requirements necessary to comply with the Federal and Departmental policy. [ ] The offeror’s proposal dated, __________ is deficient in the following areas: ________________________________________________________________________________ ________________________________________________________________________________
  • 4. IT-Certification (Rev 2/2013) 4 ________________________________________________________________________________ ________________________________________________________________________________ [ ] No Award is recommended until the offeror submits additional information to resolve the deficiencies sited above. [ ] Award may be made contingent upon the inclusion of contract language stipulating the submission of additional information resolving the deficiencies cited above. This information must be submitted no later than 90 calendar days after the effective date of this contract. CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable Contract language prescribed in the NIH Contract Workform, we certify that the contract specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name