USGS - science for a changing world

USGS Data Management


[Figure: USGS Data Lifecycle Diagram. Elements: Plan, Acquire, Preserve, Publish/Share, Describe (Metadata and Documentation), Manage Quality, Backup and Secure]

Data Acquisition Security Requirements

On August 18, 2004, DOI published a memorandum from the Department Chief Information Officer, Office of the Secretary. The memorandum addresses what must happen to protect our data from harm while it is in the hands of contractors.

What are the DOI Security Requirements for Data Acquisition?

Key Points

  • Background Investigations
  • Non-Disclosure Agreements
  • IT Security Training
  • Notification of Personnel Changes
  • Report Security Incidents
  • Complete Certification & Accreditation
  • Have an IT Contingency Plan
  • Federal Government Owns Intellectual Property Rights (to extent practical)

It is critical that our information be protected from uninvited disclosure or intentional corruption, and that our systems are secured against external attack to the maximum extent possible. This memorandum established guidance that will help assure that our contractors perform in a manner consistent with DOI's security needs and mandates.

IT security must be incorporated into all phases of program planning and execution, from budgeting to close-out. The cognizant Program Manager or IT System Owner has primary responsibility to assure that contractors are aware of and comply with the DOI IT Security Program.

DOI IT Security Program

The Department's Office of the Chief Information Officer (OCIO) is responsible for providing policy, guidance, advice, and oversight for information security and also serves as the Senior Agency Official for Privacy (SAOP). The Department's Chief Information Security Officer (CISO), who serves as the senior agency information security officer, supports the OCIO in carrying out responsibilities specified by the Federal Information Security Management Act (FISMA) as delegated by the Secretary of the Interior. Those responsibilities include developing and maintaining the Department's overall information assurance (IT security and privacy) program and assisting in ensuring agency compliance with the requirements of FISMA, the Privacy Act, and related policies, procedures, standards, and guidelines.

  • These guidelines are intended to provide representative examples and stimulate thoughtful analysis, but are not comprehensive lists of every possible task that might arise.

  • When a contractor is expected to design, develop, operate, use, or maintain data, we must take particular care to address IT security concerns in the solicitation and contract.

  • All IT and telecommunications related contracts must incorporate appropriate IT security requirements.

  • Existing contracts must be reviewed for compliance with the DOI Security Program. Contracts that are found not to be in compliance must be modified as soon as possible, unless compliance is documented as being unreasonable or not cost-effective when balanced against risk.

URL: http://origin-www.usgs.gov/datamanagement/acquire/security.php
Page Last Modified: Tuesday, April 08, 2014