The NCI Information System Security Officer (ISSO) is part of the review process for acquisitions to evaluate if federal cybersecurity (FISMA, FedRAMP, etc.) language needs to be included in the statement of work (SOW). In doing this review, the NCI ISSO makes determinations if:
What kind of data will the system create, process, store, transmit, or receive?
If there is a federal system, determine categorization (impact level), either Low, Moderate, or High
Where will the system be hosted?
To complete this review there are three steps:
The pre-solicitation questionnaire gathers the required information for an upcoming RFP for the ISSO.
Please see the link to the ISSO Pre-solicitation Questionnaire below:
ISSO Pre-solicitation Questionnaire
Please see the link to the ISSO Pre-solicitation Checklist below:
ISSO Pre-solicitation Checklist
Please see the link to the ISSO Pre-award Checklist below: