Overview
The NCI ISSO is part of the review process for acquisitions to evaluate whether federal cybersecurity (FISMA) language needs to be included in the statement of work (SOW). In this review, the NCI ISSO determines whether:
- The acquisition involves one or more information technology (IT) systems
- If one or more IT systems are involved, any of them will be a federal system
  - If not, then no FISMA requirements apply, and the review is complete
  - If there is a federal system involved, it will be subject to FISMA requirements
    - What kind of data will the system create, process, store, transmit, or receive?
    - If there is a federal system, determine categorization (impact level), either Low or Moderate – there are currently no High impact systems at NCI
    - Where will the system be hosted?
Pre-solicitation Review
- Before request for proposal (RFP)
ISSO Pre-solicitation Checklist
Pre-Award Review
ISSO Pre-award Checklist