The NCI Information System Security Officer (ISSO) is part of the review process for acquisitions to evaluate if federal cybersecurity (FISMA, FedRAMP, etc.) language needs to be included in the statement of work (SOW) for an upcoming request for proposal (RFP).
To complete this review there are three steps:
The pre-solicitation questionnaire gathers the required information for an upcoming RFP for the ISSO.
Please see the link to the ISSO Pre-solicitation Questionnaire below:
ISSO Pre-solicitation Questionnaire
In doing the Pre-sol review, the NCI ISSO makes determinations if:
Answers what kind of data will the system create, process, store, transmit, or receive?
Determines preliminary categorization (impact level) of either Low, Moderate, or High
Where will the system be hosted?
Please see the link to the ISSO Pre-solicitation Checklist below:
ISSO Pre-solicitation Checklist
Please see the link to the ISSO Pre-award Checklist below:
For Pre-solicitation and Pre-award questions, comments, or concerns please contact:
Name | Phone Number | Email Address | Role |
---|---|---|---|
Blaise Czekalski* | (301) 480-4216 | nciirm@mail.nih.gov | Primary Reviewer |
Craig Hayn* | (240) 276-5159 | nciirm@mail.nih.gov | 1st Alternate |
Karen Friend* | (240) 276-5055 | nciirm@mail.nih.gov | 2nd Alternate |
*as pre-solicitation and pre-award processes are inherently governmental and acquisitions sensitive, these individuals are Federal Employees and the NCI IRM email distribution list only contains Federal Employees.
For Post-award questions, comments, or concerns with regard to security-related deliverables and their review, please contact:
Name | Phone Number | Email Address | Role |
---|---|---|---|
Eric R. Scott+ | (240) 276-5287 | NCICBIITSecurity-Governance@mail.nih.gov | Cyber Governance, Risk, and Compliance Team Lead |
+The Cyber Governance, Risk, and Compliance Team is made completely up of Contractors, and the NCI Cyber Governance, Risk, and Compliance Team email distribution list only contains Contractor staff. As such, never send any pre-award documentation (to include pre-solicitation) to any individual listed here or to the NCI Cyber Governance, Risk, and Compliance Team email distribution list.