Overview

The NCI ISSO it is part of the review process for for acquisitions to evaluate if federal cybersecurity (FISMA) language needs to be included in the statement of work (SOW).  In doing this review, the NCI ISSO makes determinations if:

• The acquisition involves one or more information technology (IT) systems
• If there is an IT system(s) involved, will it be a Federal system
  • If there is a federal system involved, it will be subject to FISMA requirements
  • If not, then no FISMA requirements apply, and the review is complete

ISSO Pre-solicitation Checklist

Pre-solicitation Review

• Before request for proposal (RFP)

ISSO Pre-solicitation Checklist

Pre-Award Review

ISSO Pre-award Checklist

...