Overview

The NCI ISSO is part of the review process for acquisitions to evaluate if federal cybersecurity (FISMA) language needs to be included in the statement of work (SOW).  In doing this review, the NCI ISSO makes determinations if:

• The acquisition involves one or more information technology (IT) systems
• If there is an IT system(s) involved, will it be a Federal system
  • If there is a federal system involved, it will be subject to FISMA requirements

    • What kind of data will the system create, process, store, transmit, or receive? 

    • If there is a federal system, determine categorization (impact level), either Low or Moderate – there are currently no High impact systems at NCI

    • Where will the system be hosted?

  • If not, then no FISMA requirements apply, and the review is complete

ISSO Pre-solicitation Checklist

Pre-solicitation Review

• Before request for proposal (RFP)

ISSO Pre-solicitation Checklist

Pre-Award Review

ISSO Pre-award Checklist