1 / 10

Effectively Integrating Information Technology (IT) Security into the Acquisition Process

Effectively Integrating Information Technology (IT) Security into the Acquisition Process. A course for the Department of Commerce contracting and contracting officer representative communities. Course Overview.

tarmon
Télécharger la présentation

Effectively Integrating Information Technology (IT) Security into the Acquisition Process

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Effectively Integrating Information Technology (IT) Security into the Acquisition Process A course for the Department of Commerce contracting and contracting officer representative communities.

  2. Course Overview • Section 1: Getting Started: Getting Started: Purpose, Objectives, What is IT Security • Section 2: The Framework: Laws, Regulations, & Policy • Section 3: Major Players: Key Roles • Section 4: Effective Integration: Procurement & IT System Life Cycles • Section 5: ITSecurity Controls In Systems • Section 6: Key Security Specifications/Clauses

  3. Section 1: Purpose and Objectives • Purpose: • To become familiar with the IT security requirements that must be considered during the acquisition process. • Objectives: • To recognize the legal and practical reasons for considering IT security during the acquisition process • To identify specific security considerations in each phase of the acquisition life cycle • To integrate IT security language into procurement documents • To ensure that contractors comply with DOC and/or Bureau • Security standards and other industry security practices

  4. Section 1 cont’d: Commerce’s IT Security Program? Commerce’s IT Security Program • DOC maintains an IT Security Program Policy to ensure the protection of automated data processing assets IT resources from harm. DOC’s IT Security Program Policy can be found at the following address: http://www.osec.doc.gov/cio/oipr/ITSec/DOC-IT-Security-Program-Policy.htm

  5. Section 2: The Framework • Laws • Competition in Contracting Act of 1984 – CICA: The purpose is to increase the number of Federal procurements conducted under full and fair competition • Federal Information Security Management Act of 2002 – FISMA: Requires Federal Agencies to implement a comprehensive IT security program and monitor the security of all information systems • Government Paperwork Elimination Act – GPEA: Allows individuals or entities that deal with the agencies the option to submit information and to maintain records electronically, when practicable • Clinger-Cohen Act of 1996: Requires agencies to appoint Chief Information Officers

  6. Section 2 cont’d: The Framework • Laws • Paperwork Reduction Act of 1995: Requires federal agencies to be accountable for reducing the burden of federal paperwork requirements. • Privacy Act of 1974: Establishes provisions to protect an individual’s rights against unwarranted invasions of their privacy

  7. Section 2 cont’d: The Framework • Regulations • Federal Acquisition Regulation (FAR): Establishes uniform acquisition policies and procedures among all executive agencies. • Commerce Acquisition Regulation (CAR): Established by the Department of Commerce to implement and supplement the FAR within the Department of Commerce. • Policies • OMB Circular A-130, Appendix III: Establishes a minimum set of controls that agencies must include in IT security programs; assigns agency responsibilities for the security of IT; and links agency IT security programs to agency management controls that define the roles and responsibilities of individuals acquiring, using, and managing IT systems.

  8. Section 3: Major Players • Key Roles • Chief Information Officer (CIO): Ensures the organization’s programs make full use of information technology • Contracting Officer (CO): A federal procurement official that is authorized to contractually obligate the Federal Government as set forth in the Federal Acquisition Regulations (FAR) Subpart 1.6. • Contracting Officer’s Technical Representative (COTR): A Federal Government appointed by a CO to serve as the CO’s technical representative on a designated contract or order subject to the limitations set forth in their appointment and delegation letter. • Division/Bureau IT Security Program Manager/Chief and or IT Security Officer: Responsible for developing and maintaining a bureau or organization’s IT security program

  9. Section 3 cont’d: Major Players • Key Roles • Information Technology Review Board (ITRB):Reviews and evaluates the Department’s information technology capital investments • Procurement Initiator: A Federal Government employee that represents programmatic interests during the pre-award phase of the acquisition process and is responsible for initiating a requisition for a particular procurement need • Privacy Officer: Responsible for ensuring that the services or system being procured complies with existing privacy laws and policies • Program Manager: Manages a group of related activities performed within a definable time period to meet a specific set of objectives • Technical Evaluation Team: Responsible for reviewing, analyzing, rating and ranking offers or quotes in response to a request for offers or quotations.

  10. Module 1 Review Summary • Legal Framework • What is IT Security? • Major Players

More Related