Published by Marybeth Marsh. Modified over 8 years ago.

1 Acquisitions IT Security, and the Suitability Investigations Process
February 2005
Daniel Sands, NCI/OM/ISCS
301-496-1678
sandsd@mail.nih.gov

2 Credit where credit’s due…
Rob LeVine, NIEHS
Renita Brooks, NCI
Cindy Walczak, NHLBI
Tish Best, NCI

3 Acquisitions IT Security
What is Required
Security Designations
Type of Investigations
Compiling & Processing the “Package”
Issues & questions

4 AIS IT Security Requirements
NOT NEW: Policy and procedures on this topic have existed for years
HHS placed emphasis in 2003 on enforcing designations/investigations
Dona Lenkin Memo, NIH Deputy CIO to IC Executive Officers on June 25, 2003

5 Reference: HHS Instruction
HHS Transmittal 98.1, Personnel Manual, Issued January 8, 1998
–HHS Instruction 731-1
Policy, page 2, “Every department position, including those occupied by Commission Corps officers and those of contractors, must be designated with a sensitivity level.”
Policy, page 3, “All employees and contractors must…be subject to personnel investigation requirements.”

6 Action Items to IC’s
–Modify contracts to include IT security clauses
  NIH IT Security Awareness Training
  Non-disclosure agreements
  Security designation and investigations
  System Security Plan (SSP) where applicable
  http://rcb-intranet.nci.nih.gov/workforms_set.htm
–Include IT security language in new contracts
–Designate all IT positions
–Carry out suitability investigations
–The employee may not start official work on the assigned position until the package is submitted and security training has been completed

7 Designation Requirements
Does NOT apply to off-site contractors who do not directly access NCI data
Every Federal Employee receives the minimum level automatically (Level 1)
Initial target group is Information Technology – why we’re here
Applies to subcontractors too
Contractor employees processed through the Project Officer (PO)

8 Sensitivity Levels
Three Designations for Positions
–Non-Sensitive (1)
–Public Trust (5 and 6)
–National Security (2, 3, 4) - DoD
The three designations correlate with specific sensitivity levels
PO makes the determination with assistance of ISSO

9 Assignment of Security Level
Determine the sensitivity and criticality of data and the degree of risk a position poses.
The higher the degree of risk, the higher the designation and corresponding investigation.

10 Sensitivity Levels - Described
Level 1 | Basic | For usual non-sensitive work | NACI | $88
Level 5 | Sensitive, low | Borderline cases and limited scope | NACIC | $102
Level 5 | Sensitive, moderate | Some privileges, moderate scope | MBI | $425
Level 5 | Sensitive, high | Those with privileges and scope | LBI | $2070
Level 6 | Very highest sensitivity | Few unless application rating demands level | BI | $2505

11 Investigation Steps
Person in a designated position is informed of requirement for investigation through PO via contractor management
Person fills out forms and mails to NCI reviewer Renita Brooks – time is a factor
NCI reviewer approves or rejects package based on completeness
NCI reviewer signs cover letter and provides agency information, including CAN to pay for investigation

12
25A = BI, fast 35 day turnaround
20C = LBI, normal 120 day
15C = MBI
NACI = 02B
5 = MBI or LBI
6 = BI
1 = NACI
“Contractor” - plus additional title
CAN # for providing budget – ex 83237__
034A 371360063
FILL OUT BLOCKS A, C, G, I, J, L, O, P?
NACI forms are signed by the Project Officer.
MBI and LBI forms are signed by NIH.
HE07 for SF-85 (NIH)
HE00 for SF-86 Forms (HHS)
HE00 for SF85P (HHS)

13 Processing the Package
Level 1 NACI goes directly from Renita Brooks to OPM
All other levels have a few additional stops
–Renita sends the package to the NIH/OD
–Cassandra Harris reviews and sends the package to the HHS Security Officer
–HHS sends the packages to OPM
–OPM communicates back to NIH, NCI
–PO maintains records on file

14 The Investigation ‘Package’
HHS Credit Release Form
Official Fingerprints SD 258, 2 copies (NIH Police recommended)
OF306, Declaration of Federal Employment (includes contractors)
SF 85 or SF85P – Questionnaire for Public Trust Positions
Resume of the candidate
Cover letter with required authorities*

15 Recommendations
Contracts should be modified now
Position designations can be made now
Start investigations processing
The safe choice is to default to the higher level for IT position designations, e.g. MBI
Forms available online http://ais.nci.nih.gov

16 NIH Investigations Contact
NCI IT Security Review
–Ms. Renita Brooks 301-451-5876 or brookr@mail.nih.gov
NCI ISSO
–Daniel Sands, Blaise Czekalski, Bruce Woodcock 301-496-1678 or NCIIRM@mail.nih.gov
NIH Div. of Security and Emergency Response
–Ms. Cassandra Harris 301-451-4689 or harrisca@mail.nih.gov

17 Action Items to IC’s
–Modify contracts to include IT security clauses
  NIH IT Security Awareness Training
  Non-disclosure agreements
  Security designation and investigations
  System Security Plan (SSP) where applicable
  http://rcb-intranet.nci.nih.gov/workforms_set.htm
–Include IT security language in new contracts
–Designate all IT positions
–Carry out suitability investigations