SlideShare a Scribd company logo

It security cert_508

wardell henley
wardell henley

It security cert_508

Technology
1 of 4
Download to read offline
IT-Certification (Rev 2/2013) 1 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-SOLICITATION [ ] INFORMATION SECURITY IS NOT APPLICABLE for this RFP. [ ] INFORMATION SECURITY IS APPLICABLE and the following information is required for RFP preparation: A. INFORMATION TYPE [ ] Administrative, Management and Support Information: [ ] Mission Based Information: B. SECURITY CATEGORIES AND LEVELS Confidentiality: [ ] Low [ ] Moderate [ ] High Integrity: [ ] Low [ ] Moderate [ ] High Availability: [ ] Low [ ] Moderate [ ] High Overall: [ ] Low [ ] Moderate [ ] High C. POSITION SENSITIVITY DESIGNATIONS The following position sensitivity designations and associated clearance and investigation requirements apply under this contract: [ ] Level 6: Public Trust - High Risk (Requires Suitability Determination with a BI). Contractor employees assigned to a Level 6 position are subject to a Background Investigation (BI). [ ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with MBI or LBI). Contractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI).
IT-Certification (Rev 2/2013) 2 D. ROSPECTIVE OFFEROR NON-DISCLOSURE AGREEMENT [ ] Offerors WILL NOT require access to sensitive information in order to prepare an offer. [ ] Offerors WILL require access to sensitive information in order to prepare an offer: Description of sensitive information: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Select appropriate position sensitivity designation below. [ ] Level 6C: Sensitive - High Risk [ ] Level 5C: Sensitive - Moderate Risk CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable solicitation language prescribed in the NIH Workform, we certify that the solicitation specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name
IT-Certification (Rev 2/2013) 3 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-AWARD A. SYSTEMS SECURITY PLAN (SSP) [ ] SSP Approved. The SSP dated ______________, submitted by the contractor has been reviewed by the Government, is considered acceptable, and should be incorporated into the awarded contract. [ ] This project requires a full SSP conforming to the NIST Guide for developing Security Plans for federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf which must be submitted to the I/C, ISSO no later than 90 calendar days after the effective date of the contract. [ ] The SSP submitted by the contractor does not meet the minimum requirements for IT Security in the following area(s): [ ] Security Awareness Training [ ] Access Control [ ] Protection against data loss [ ] Malicious Code Protection [ ] Physical Security A revised SSP shall be submitted no later than 90 calendar days after the assignment of task (eg. hosting a government website) that would require such a plan. [ ] No SSP is required for this work. B. OFFEROR’S PROPOSAL [ ] Notwithstanding the information regarding the SSP, above, the offeror’s proposal dated___________, specifies appropriate security requirements necessary to comply with the Federal and Departmental policy. [ ] The offeror’s proposal dated, __________ is deficient in the following areas: ________________________________________________________________________________ ________________________________________________________________________________
IT-Certification (Rev 2/2013) 4 ________________________________________________________________________________ ________________________________________________________________________________ [ ] No Award is recommended until the offeror submits additional information to resolve the deficiencies sited above. [ ] Award may be made contingent upon the inclusion of contract language stipulating the submission of additional information resolving the deficiencies cited above. This information must be submitted no later than 90 calendar days after the effective date of this contract. CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable Contract language prescribed in the NIH Contract Workform, we certify that the contract specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name

Recommended

Request for Computer Data
Request for Computer DataRequest for Computer Data
Request for Computer Datataxman taxman
 
Loan application
Loan applicationLoan application
Loan applicationGhada Taha
 
Equity finance loan form application
Equity finance loan form applicationEquity finance loan form application
Equity finance loan form applicationEdward Musah
 
New lead feedback (2)
New lead feedback (2)New lead feedback (2)
New lead feedback (2)Gentle Hands Home Care
 
Ecowatch customer information sheet
Ecowatch customer information sheetEcowatch customer information sheet
Ecowatch customer information sheetAUDIE POSADAS
 
src
srcsrc
srcCCSE
 
Rental Application
Rental ApplicationRental Application
Rental Applicationkarlamina
 
Notice to perform (rntp)
Notice to perform (rntp)Notice to perform (rntp)
Notice to perform (rntp)cdukelow
 

Recommended

Request for Computer Data
Request for Computer DataRequest for Computer Data
Request for Computer Datataxman taxman
 
Loan application
Loan applicationLoan application
Loan applicationGhada Taha
 
Equity finance loan form application
Equity finance loan form applicationEquity finance loan form application
Equity finance loan form applicationEdward Musah
 
New lead feedback (2)
New lead feedback (2)New lead feedback (2)
New lead feedback (2)Gentle Hands Home Care
 
Ecowatch customer information sheet
Ecowatch customer information sheetEcowatch customer information sheet
Ecowatch customer information sheetAUDIE POSADAS
 
src
srcsrc
srcCCSE
 
Rental Application
Rental ApplicationRental Application
Rental Applicationkarlamina
 
Notice to perform (rntp)
Notice to perform (rntp)Notice to perform (rntp)
Notice to perform (rntp)cdukelow
 
Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaSistemadeEstudiosMed
 
SEC Form C
SEC Form CSEC Form C
SEC Form CTommy Toy
 
Papa portrait
Papa portraitPapa portrait
Papa portraitleonorarivera
 
Broker application
Broker applicationBroker application
Broker applicationArmani Khoury
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request FormDemand Metric
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation formcsd0664
 
Change Control Form
Change Control FormChange Control Form
Change Control FormR.Tarakeshwar Rao B.E,PGDM-MCP®, ITIL V3 ,PRINCE2®
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee ComplianceKenLeebow
 
CVCF Loan Application AI v3
CVCF Loan Application AI v3CVCF Loan Application AI v3
CVCF Loan Application AI v3Anthony R. Iervolino ( DIRECT LENDER)
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxjasoninnes20
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011ruairimcginley
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionJaime Alfredo Cabrera
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditappmhuubse
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideVision Concepts Infrastructure Services Solution
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochurejcline
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloanunknown321
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentYujing Wu
 
Transfer policy
Transfer policyTransfer policy
Transfer policyDiyana Arus
 
RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdfwardell henley
 

More Related Content

Similar to It security cert_508

Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaSistemadeEstudiosMed
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request FormDemand Metric
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation formcsd0664
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee ComplianceKenLeebow
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxjasoninnes20
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxJacqueline Williams
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011ruairimcginley
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionJaime Alfredo Cabrera
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditappmhuubse
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochurejcline
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloanunknown321
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentYujing Wu
 

Similar to It security cert_508 (20)

Formato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicinaFormato para la revisión de los proyectos de pregrado medicina
Formato para la revisión de los proyectos de pregrado medicina
 
SEC Form C
SEC Form CSEC Form C
SEC Form C
 
Papa portrait
Papa portraitPapa portrait
Papa portrait
 
Broker application
Broker applicationBroker application
Broker application
 
Financial Resource Request Form
Financial Resource Request FormFinancial Resource Request Form
Financial Resource Request Form
 
Freelook cancellation form
Freelook cancellation formFreelook cancellation form
Freelook cancellation form
 
Change Control Form
Change Control FormChange Control Form
Change Control Form
 
1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance1954 Wg Architectural Control Committee Compliance
1954 Wg Architectural Control Committee Compliance
 
CVCF Loan Application AI v3
CVCF Loan Application AI v3CVCF Loan Application AI v3
CVCF Loan Application AI v3
 
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docxBusiness ProjectFormal Project Proposal Evaluation Feedback F.docx
Business ProjectFormal Project Proposal Evaluation Feedback F.docx
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
 
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docxIS4799InformationSystemsandCyberSecurityCapstoneProject.docx
IS4799InformationSystemsandCyberSecurityCapstoneProject.docx
 
Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011Community and enterprise department community grant application form 2011
Community and enterprise department community grant application form 2011
 
Sample Unsolicited Proposal Submission
Sample Unsolicited Proposal SubmissionSample Unsolicited Proposal Submission
Sample Unsolicited Proposal Submission
 
Newaccountcreditapp
NewaccountcreditappNewaccountcreditapp
Newaccountcreditapp
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria Guide
 
Firsrttimebuyerbrochure
FirsrttimebuyerbrochureFirsrttimebuyerbrochure
Firsrttimebuyerbrochure
 
Starholidayloan
StarholidayloanStarholidayloan
Starholidayloan
 
A Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT DevelopmentA Cloud-Centric Ecosystem Approach to Ease IoT Development
A Cloud-Centric Ecosystem Approach to Ease IoT Development
 
Transfer policy
Transfer policyTransfer policy
Transfer policy
 

More from wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaperwardell henley
 

More from wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
 

Recently uploaded

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

It security cert_508

  • 1. IT-Certification (Rev 2/2013) 1 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-SOLICITATION [ ] INFORMATION SECURITY IS NOT APPLICABLE for this RFP. [ ] INFORMATION SECURITY IS APPLICABLE and the following information is required for RFP preparation: A. INFORMATION TYPE [ ] Administrative, Management and Support Information: [ ] Mission Based Information: B. SECURITY CATEGORIES AND LEVELS Confidentiality: [ ] Low [ ] Moderate [ ] High Integrity: [ ] Low [ ] Moderate [ ] High Availability: [ ] Low [ ] Moderate [ ] High Overall: [ ] Low [ ] Moderate [ ] High C. POSITION SENSITIVITY DESIGNATIONS The following position sensitivity designations and associated clearance and investigation requirements apply under this contract: [ ] Level 6: Public Trust - High Risk (Requires Suitability Determination with a BI). Contractor employees assigned to a Level 6 position are subject to a Background Investigation (BI). [ ] Level 5: Public Trust - Moderate Risk (Requires Suitability Determination with MBI or LBI). Contractor employees assigned to a Level 5 position with no previous investigation and approval shall undergo a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI). [ ] Level 1: Non Sensitive (Requires Suitability Determination with an NACI). Contractor employees assigned to a Level 1 position are subject to a National Agency Check and Inquiry Investigation (NACI).
  • 2. IT-Certification (Rev 2/2013) 2 D. ROSPECTIVE OFFEROR NON-DISCLOSURE AGREEMENT [ ] Offerors WILL NOT require access to sensitive information in order to prepare an offer. [ ] Offerors WILL require access to sensitive information in order to prepare an offer: Description of sensitive information: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Select appropriate position sensitivity designation below. [ ] Level 6C: Sensitive - High Risk [ ] Level 5C: Sensitive - Moderate Risk CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable solicitation language prescribed in the NIH Workform, we certify that the solicitation specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name
  • 3. IT-Certification (Rev 2/2013) 3 INFORMATION SECURITY PROGRAM REQUIREMENTS Checklist and Certification (2/2013) RFP No: _______________________________ Pre Solicitation Review Date: _________________ Contract No:___________________________ Pre-Award Review Date: _____________________ Project Title: _______________________________________________________________________________ Contracting Officer:_________________________________________________________________________ [Name & Contact Information] Contracting Officer:_________________________________________________________________________ [Name & Contact Information] PRE-AWARD A. SYSTEMS SECURITY PLAN (SSP) [ ] SSP Approved. The SSP dated ______________, submitted by the contractor has been reviewed by the Government, is considered acceptable, and should be incorporated into the awarded contract. [ ] This project requires a full SSP conforming to the NIST Guide for developing Security Plans for federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf which must be submitted to the I/C, ISSO no later than 90 calendar days after the effective date of the contract. [ ] The SSP submitted by the contractor does not meet the minimum requirements for IT Security in the following area(s): [ ] Security Awareness Training [ ] Access Control [ ] Protection against data loss [ ] Malicious Code Protection [ ] Physical Security A revised SSP shall be submitted no later than 90 calendar days after the assignment of task (eg. hosting a government website) that would require such a plan. [ ] No SSP is required for this work. B. OFFEROR’S PROPOSAL [ ] Notwithstanding the information regarding the SSP, above, the offeror’s proposal dated___________, specifies appropriate security requirements necessary to comply with the Federal and Departmental policy. [ ] The offeror’s proposal dated, __________ is deficient in the following areas: ________________________________________________________________________________ ________________________________________________________________________________
  • 4. IT-Certification (Rev 2/2013) 4 ________________________________________________________________________________ ________________________________________________________________________________ [ ] No Award is recommended until the offeror submits additional information to resolve the deficiencies sited above. [ ] Award may be made contingent upon the inclusion of contract language stipulating the submission of additional information resolving the deficiencies cited above. This information must be submitted no later than 90 calendar days after the effective date of this contract. CERTIFICATION: Based on the above, and contingent upon inclusion of all applicable Contract language prescribed in the NIH Contract Workform, we certify that the contract specifies appropriate security requirements necessary to protect the Government’s interest and is in compliance with all Federal and DHHS security requirements. _________________________________________ ___________________ Project Officer Signature Date _________________________________________ Project Officer Typed Name _________________________________________ ___________________ Information Systems Security Officer Signature Date _________________________________________ Information Systems Security Officer Typed Name