1 Acquisitions IT Security, and the Suitability Investigations Process February 2005 Daniel Sands NCI/OM/ISCS 301-496-1678

Presentation transcript:

1 Acquisitions IT Security, and the Suitability Investigations Process February 2005 Daniel Sands NCI/OM/ISCS

2 Credit where credit’s due…
Rob LeVine, NIEHS
Renita Brooks, NCI
Cindy Walczak, NHLBI
Tish Best, NCI

3 Acquisitions IT Security
What is Required
Security Designations
Type of Investigations
Compiling & Processing the “Package”
Issues & questions

4 AIS IT Security Requirements
NOT NEW: Policy and procedures on this topic have existed for years
HHS placed emphasis in 2003 on enforcing designations/investigations
Dona Lenkin Memo, NIH Deputy CIO to IC Executive Officers on June 25, 2003

5 Reference: HHS Instruction
HHS Transmittal 98.1, Personnel Manual, Issued January 8, 1998
–HHS Instruction
  Policy, page 2, “Every department position, including those occupied by Commission Corps officers and those of contractors, must be designated with a sensitivity level.”
  Policy, page 3, “All employees and contractors must…be subject to personnel investigation requirements.”

6 Action Items to IC’s
–Modify contracts to include IT security clauses
  NIH IT Security Awareness Training
  Non-disclosure agreements
  Security designation and investigations
  System Security Plan (SSP) where applicable
–Include IT security language in new contracts
–Designate all IT positions
–Carry out suitability investigations
–The employee may not start official work on the assigned position until the package is submitted and security training has been completed

7 Designation Requirements
Does NOT apply to off-site contractors who do not directly access NCI data
Every Federal Employee receives the minimum level automatically (Level 1)
Initial target group is Information Technology – why we’re here
Applies to subcontractors too
Contractor employees processed through the Project Officer (PO)

8 Sensitivity Levels
Three Designations for Positions
–Non-Sensitive (1)
–Public Trust (5 and 6)
–National Security (2,3,4) - DoD
The three designations correlate with specific sensitivity levels
PO makes the determination with assistance of ISSO

9 Assignment of Security Level
Determine the sensitivity and criticality of data and the degree of risk a position poses.
The higher the degree of risk, the higher the designation and corresponding investigation.

10 Sensitivity Levels - Described
Level 1 | Basic | For usual non-sensitive work | NACI | $88
Level 5 | Sensitive, Low | Borderline cases and limited scope | NACIC | $102
Level 5 | Sensitive, moderate | Some privileges, moderate scope | MBI | $425
Level 5 | Sensitive, high | Those with privileges and scope | LBI | $2070
Level 6 | Very highest sensitivity | Few unless application rating demands level | BI | $2505

11 Investigation Steps
Person in a designated position is informed of requirement for investigation through PO via contractor management
Person fills out forms and mails to NCI reviewer Renita Brooks – time is a factor
NCI reviewer approves or rejects package based on completeness
NCI reviewer signs cover letter and provides agency information, including CAN to pay for investigation

12
25A = BI, fast 35 day turnaround
20C = LBI, normal 120 day
15C = MBI
NACI = 02B
5 = MBI or LBI
6 = BI
1 = NACI
“Contractor” - plus additional title
CAN # for providing budget – ex 83237__
034A
FILL OUT BLOCKS A, C, G, I, J, L, O, P?
NACI forms are signed by the Project Officer.
MBI and LBI forms are signed by NIH.
HE07 for SF-85 (NIH)
HE00 for SF-86 Forms (HHS)
HE00 for SF85P (HHS)

13 Processing the Package
Level 1 NACI goes directly from Renita Brooks to OPM
All other levels have a few additional stops
–Renita sends the package to the NIH/OD
–Cassandra Harris reviews and sends the package to the HHS Security Officer
–HHS sends the packages to OPM
–OPM communicates back to NIH, NCI
–PO maintains records on file

14 The Investigation ‘Package’
HHS Credit Release Form
Official Fingerprints SD copies (NIH Police recommended)
OF306, Declaration of Federal Employment (includes contractors)
SF 85 or SF85P – Questionnaire for Public Trust Positions
Resume of the candidate
Cover letter with required authorities*

15 Recommendations
Contracts should be modified now
Position designations can be made now
Start investigations processing
The safe choice is to default to the higher level for IT position designations, e.g. MBI
Forms available online

16 NIH Investigations Contact
NCI IT Security Review
–Ms. Renita Brooks or
NCI ISSO
–Daniel Sands, Blaise Czekalski, Bruce Woodcock or
NIH Div. of Security and Emergency Response
–Ms. Cassandra Harris or

17 Action Items to IC’s
–Modify contracts to include IT security clauses
  NIH IT Security Awareness Training
  Non-disclosure agreements
  Security designation and investigations
  System Security Plan (SSP) where applicable
–Include IT security language in new contracts
–Designate all IT positions
–Carry out suitability investigations