Effectively Integrating Information Technology (IT) Security into the Acquisition Process A course for the Department of Commerce contracting and contracting officer representative communities.

Course Overview
- Section 1: Getting Started: Purpose, Objectives, What is IT Security
- Section 2: The Framework: Laws, Regulations, & Policy
- Section 3: Major Players: Key Roles
- Section 4: Effective Integration: Procurement & IT System Life Cycles
- Section 5: IT Security Controls In Systems
- Section 6: Key Security Specifications/Clauses

Section 1: Purpose and Objectives
Purpose:
- To become familiar with the IT security requirements that must be considered during the acquisition process.
Objectives:
- To recognize the legal and practical reasons for considering IT security during the acquisition process
- To identify specific security considerations in each phase of the acquisition life cycle
- To integrate IT security language into procurement documents
- To ensure that contractors comply with DOC and/or Bureau security standards and other industry security practices

Section 1 cont’d: Commerce’s IT Security Program
DOC maintains an IT Security Program Policy to ensure the protection of automated data processing assets (IT resources) from harm. DOC’s IT Security Program Policy can be found at the following address:

Section 2: The Framework: Laws
- Competition in Contracting Act of 1984 (CICA): The purpose is to increase the number of Federal procurements conducted under full and fair competition
- Federal Information Security Management Act of 2002 (FISMA): Requires Federal agencies to implement a comprehensive IT security program and monitor the security of all information systems
- Government Paperwork Elimination Act (GPEA): Allows individuals or entities that deal with the agencies the option to submit information and to maintain records electronically, when practicable
- Clinger-Cohen Act of 1996: Requires agencies to appoint Chief Information Officers

Section 2 cont’d: The Framework: Laws
- Paperwork Reduction Act of 1995: Requires Federal agencies to be accountable for reducing the burden of Federal paperwork requirements.
- Privacy Act of 1974: Establishes provisions to protect an individual’s rights against unwarranted invasions of their privacy

Section 2 cont’d: The Framework: Regulations and Policies
Regulations:
- Federal Acquisition Regulation (FAR): Establishes uniform acquisition policies and procedures among all executive agencies.
- Commerce Acquisition Regulation (CAR): Established by the Department of Commerce to implement and supplement the FAR within the Department of Commerce.
Policies:
- OMB Circular A-130, Appendix III: Establishes a minimum set of controls that agencies must include in IT security programs; assigns agency responsibilities for the security of IT; and links agency IT security programs to agency management controls that define the roles and responsibilities of individuals acquiring, using, and managing IT systems.

Section 3: Major Players: Key Roles
- Chief Information Officer (CIO): Ensures the organization’s programs make full use of information technology
- Contracting Officer (CO): A Federal procurement official who is authorized to contractually obligate the Federal Government as set forth in the Federal Acquisition Regulations (FAR) Subpart 1.6.
- Contracting Officer’s Technical Representative (COTR): A Federal Government employee appointed by a CO to serve as the CO’s technical representative on a designated contract or order, subject to the limitations set forth in their appointment and delegation letter.
- Division/Bureau IT Security Program Manager/Chief and/or IT Security Officer: Responsible for developing and maintaining a bureau’s or organization’s IT security program

Section 3 cont’d: Major Players: Key Roles
- Information Technology Review Board (ITRB): Reviews and evaluates the Department’s information technology capital investments
- Procurement Initiator: A Federal Government employee who represents programmatic interests during the pre-award phase of the acquisition process and is responsible for initiating a requisition for a particular procurement need
- Privacy Officer: Responsible for ensuring that the services or system being procured complies with existing privacy laws and policies
- Program Manager: Manages a group of related activities performed within a definable time period to meet a specific set of objectives
- Technical Evaluation Team: Responsible for reviewing, analyzing, rating and ranking offers or quotes in response to a request for offers or quotations.

Module 1 Review Summary
- Legal Framework
- What is IT Security?
- Major Players