DOI published a Memorandum from the Department Chief Information Officer from the Office of the Secretary on August 18, 2004. This memorandum addressed what needs to happen to protect our data from harm when in the hands of contractors.
It is critical that our information be protected from uninvited disclosure or intentional corruption, and that our systems are secured against external attack to the maximum extent possible.
Who is Responsible?
IT security must be incorporated into all phases of program planning and execution, from budgeting to close-out. The cognizant Program Manager or IT System Owner has primary responsibility to assure that contractors comply with DOI security mandates.