Section H
prevent the compromise of DOC IT resources for all of the contractor's systems
that are interconnected with a DOC network or DOC systems that are operated
by the Contractor.
(b)
All Contractor personnel performing under this contract and Contractor
equipment used to process or store DOC data, or to connect to DOC networks,
must comply with the requirements contained in the DOC Information
Technology Management Handbook
(http://www.osec.doc.gov/cio/itmhweb/itmhweb1.html), or equivalent/more
specific agency or bureau guidance as specified immediately hereafter [insert
agency or bureau specific guidance, if applicable].
(c)
For all Contractor-owned systems for which performance of the contract requires
interconnection with a DOC network, or that DOC data be stored or processed on
them, the Contractor shall:
(1) Provide, implement, and maintain an IT Security Plan. This plan shall
describe the processes and procedures that will be followed to ensure
appropriate security of IT resources that are developed, processed, or used
under this contract. The plan shall describe those parts of the contract to which
this clause applies. The Contractor's IT Security Plan shall comply with federal
laws that include, but are not limited to, the Computer Security Act of 1987 (40
U.S.C. 1441 et seq.) and the Federal Information Security Management Act of
2002, Pub. L. No. 107-347, 116 Stat. 2899, 2946-2961 (2002); Pub. L. No. 107-296,
116 Stat. 2135, 2259-2273 (2002). 38 WEEKLY COMP. PRES. DOC. 51,
2174 (Dec. 23, 2002) (providing statement by President George W. Bush
regarding Federal Information Security Management Act of 2002). The plan shall
meet IT security requirements in accordance with Federal and DOC policies and
procedures that include, but are not limited to:
(a) OMB Circular A-130, Management of Federal Information Resources,
Appendix III, Security of Federal Automated Information Resources
(http://csrc.nist.gov/secplcy/a130app3.txt);
(b) National Institute of Standards and Technology Special Publication
800-18, Guide for Developing Security Plans for Information Technology
Systems (http://csrc.nist.gov/publications/nistpubs/800-18/Planguide.PDF);
(c) DOC Procedures and Guidelines in the Information Technology
Management Handbook
(http://www.osec.doc.gov/cio/itmhweb/itmhweb1.html);
(d) National Industrial Security Program Operating Manual (NISPOM) for
classified systems (http://www.dss.mil/isec/nispom.htm); and
(e) [Insert agency or bureau specific guidance].
(2) Within 14 days after contract award, the Contractor shall submit for DOC
approval a System Certification and Accreditation package, including the IT
Security Plan and a system certification test plan, as outlined in DOC IT Security
Program Policy, Sections 3.4 and 3.5 (http://home.osec.doc.gov/DOC IT