The NCI ISSO is part of the review process for acquisitions to evaluate if federal cybersecurity (FISMA) language needs to be included in the statement of work (SOW). In doing this review, the NCI ISSO makes determinations if:
What kind of data will the system create, process, store, transmit, or receive?
If there is a federal system, determine categorization (impact level), either Low or Moderate – there are currently no High impact systems at NCI
Where will the system be hosted?
ISSO Pre-solicitation Checklist
ISSO Pre-solicitation Checklist
ISSO Pre-award Checklist