Section H 
prevent the compromise of DOC IT resources for all of the contractor's systems 
that are interconnected with a DOC network or DOC systems that are operated 
by the Contractor. 
(b)  
All Contractor personnel performing under this contract and Contractor 
equipment used to process or store DOC data, or to connect to DOC networks, 
must comply with the requirements contained in the DOC Information 
Technology Management Handbook 
(
http://www.osec.doc.gov/cio/itmhweb/itmhweb1.html
), or equivalent/more 
specific agency or bureau guidance as specified immediately hereafter [insert 
agency or bureau specific guidance, if applicable]. 
(c)  
For all Contractor owned systems for which performance of the contract requires 
interconnection with a DOC network or that DOC data be stored or processed on 
them, the Contractor Shall: 
(1) Provide, implement, and maintain an IT Security Plan. This plan shall 
describe the processes and procedures that will be followed to ensure 
appropriate security of IT resources that are developed, processed, or used 
under this contract. The plan shall describe those parts of the contract to which 
this clause applies. The Contractor's IT Security Plan shall comply with federal 
laws that include, but are not limited to, the Computer Security Act of 1987 (40 
U.S.C. 1441 et seq.) and the Federal Information Security Management Act of 
2002, Pub. L. No.107 347, 116 Stat. 2899, 2946 2961 (2002); Pub. L. No. 107 
296, 116 Stat. 2135, 2259 2273 (2002). 38 WEEKLY COMP. PRES. DOC. 51, 
2174 (Dec. 23, 2002) (providing statement by President George W. Bush 
regarding Federal Information Security Management Act of 2002). The plan shall 
meet IT security requirements in accordance with Federal and DOC policies and 
procedures that include, but are not limited to: 
(a) OMB Circular A 130, Management of Federal Information Resources, 
Appendix III, Security of Federal Automated Information Resources 
(
http://csrc.nist.gov/secplcy/a130app3.txt
); 
(b) National Institute of Standards and Technology Special Publication 
800 18, Guide for Developing Security Plans for Information Technology 
Systems (
http://csrc.nist.gov/publications/nistpubs/800 
18/Planguide.PDF
) ; and 
(c) DOC Procedures and Guidelines in the Information Technology 
Management Handbook 
(
http://www.osec.doc.gov/cio/itmhweb/itmhweb1.html
). 
(d) National Industrial Security Program Operating Manual (NISPOM) for 
classified systems (
http://www.dss.mil/isec/nispom.htm
); and 
(e) [Insert agency or bureau specific guidance]. 
(2) Within 14 days after contract award, the contractor shall submit for DOC 
approval a System Certification and Accreditation package, including the IT 
Security Plan and a system certification test plan, as outlined in DOC IT Security 
Program Policy, Sections 3.4 and 3.5 (
http://home.osec.doc.gov/DOC IT 
34




  

Home

About Services Network Support FAQ Order Contact
 

Web Hosting Streaming

Our partners:Jsp Web Hosting Unlimited Web Hosting Cheapest Web Hosting  Java Web Hosting Web Templates Best Web Templates PHP Mysql Web Hosting Interland Web Hosting Cheap Web Hosting PHP Web Hosting Tomcat Web Hosting Quality Web Hosting Best Web Hosting  Mac Web Hosting 

Lunarwebhost.net  Business web hosting division of Vision Web Hosting Inc. All rights reserved