Data Acquisition Security Requirements

DOI IT Security Program 

The Department's Office of the Chief Information Officer (OCIO) is responsible for providing policy, guidance, advice, and oversight for information security and also serves as the Senior Agency Official for Privacy (SAOP). The Department's Chief Information Security Officer (CISO), who serves as the senior agency information security officer, supports the OCIO in carrying out responsibilities specified by the Federal Information Security Management Act (FISMA) as delegated by the Secretary of the Interior. Those responsibilities include developing and maintaining the Department's overall information assurance (IT security and privacy) program and assisting in ensuring agency compliance with the requirements of FISMA, the Privacy Act, and related policies, procedures, standards, and guidelines.

• These guidelines are intended to provide representative examples and stimulate thoughtful analysis, but are not comprehensive lists of every possible task that might arise.
• When a contractor is expected to design, develop, operate, use, or maintain data, we must take particular care to address IT security concerns in the solicitation and contract.
• All IT and telecommunications related contracts must incorporate appropriate IT security requirements.
• Existing contracts must be reviewed for compliance with the DOI Security Program. Contracts that are found not to be in compliance must be modified as soon as possible, unless compliance is documented as being unreasonable or not cost-effective when balanced against risk.

References 

• Chatfield, T., Selbach, R. February, 2011. Data Management for Data Stewards. Data Management Training Workshop. Bureau of Land Management (BLM).
• U.S. Department of the Interior Office of Chief Information Officer - Information Assurance Division Overview.