1. Policy, Standards, Guidelines

2. NSF draft Article for FATC supplement The awardee is responsible for all information technology (IT) systems security and associated equipment and information, funded directly or indirectly by this award. The awardee shall present to the cognizant NSF Program Officer and Grants and Agreements Officer a written plan addressing policies and procedures for review and approval within 60 days of award.

3. NSF draft Article for FATC supplement (cont.) The plan shall describe the information security program appropriate for the project, including but not limited to roles and responsibilities, risk assessment, technical safeguards, administrative safeguards, physical safeguards, policies and procedures, and awareness and training. The plan should include evaluation criteria that will measure the successful implementation and deployment of the plans, policies and procedures.

4. NSF Draft guidelines for IT Security Extension of business plan Large Facilities and FFRDCs only goal is to engage the program manager in a dialogue with the PI, awardee, research office, and local organization security wide concern that they are not guidelines, but mandated set of requirements or checklist for compliance –language needs to be added to present proper context

5. Communications how to communicate back to awardee on guidelines and program requirements –outreach to PIs, contracts offices notification of incidents back to NSF –suggested thresholds to consider when business continuity is affected or potentially affected potential impact on community as a whole likelyhood of bad PR and political/reputation ramifications –does it become public information? –is it FOIAble?