The Department of the Interior is seeking a contractor to provide a Power Comm Module and Float Platform, with a focus on IT security services, including the development and maintenance of custom applications and on-site support. This opportunity is set aside for total small businesses, aligning with NAICS code 334511. Interested vendors should note that this is a solicitation notice, indicating the need to prepare a proposal rather than simply track the opportunity. Compliance with security and privacy regulations is essential, as contractor employees will require access to sensitive systems.
Analysis by Mindy, grounded in the SAM.gov notice.
Description
FISMA 18-Point Checklist – IT Security Guidelines
U.S. Geological Survey Office of Acquisition and Grants
Questions to askoag@usgs.gov
December 14, 2022 Page 1 of 6
Columns: COTS Hardware or Software | Development or Maintenance of Custom Applications | Outsourced IT Services or On-site Support
Requirements herein are incorporated as part of the Statement of Work/Performance Work Statement:
1 N/A Background Investigations. The Contractor shall perform in
accordance with clause “Security Requirements: Facility Access and
Information Technology.”
2 N/A Non-disclosure Agreement. Prior to receiving access to USGS
computers, contractor employees shall be required to sign
nondisclosure or other system security agreements, depending on the
systems to be used and level of access granted.
Applies whenever any contractor employee has unsupervised access to a
USGS system (even if only basic network, internet or email or will develop
custom applications) such as:
• User Access to USGS IT Systems known to contain sensitive or
proprietary data
• IT Support services (greater than user access)
• Development or Maintenance of Custom Applications
• On-site contractor support and management of IT system
• Off-site contractor Oversight and Management of IT System
• IT Security Services
Contractor will have access to Privacy Act System of Records - Work
under this contract will involve design, development or operation of
(access to) system(s) of records containing personal information
protected by the Privacy Act (5 U.S.C. Section 552a).
Privacy Act System: [Identify covered system(s) to which the contractor
may have access]
Work to be performed: [Summarize nature of the contractor's use of such
records, such as
• User-level access to system containing protected records
• Operation or maintenance of Privacy Act System of records or
computers hosting such system
• Design or modification of a Privacy Act system of records]
The contractor is not required or permitted to respond to requests for
Privacy Act data or to make decisions about releases of data under the
Act. Contractor shall ensure its employees are instructed to safeguard
against improper use or release of such data and advise them that
violation of the Act may involve criminal penalties. The contractor will
comply with FAR clause 52.224-2, Privacy Act, incorporated herein by
reference and with DOI Privacy Act regulations at 43 CFR 2, Subpart D
3 N/A Training. The Contractor shall perform in accordance with clause
“Security Requirements: Facility Access and Information Technology” -
Contractor employees must successfully complete DOI’s end-user
computer security awareness training prior to being granted access to
DOI data or being issued a user account. Training must be renewed
annually. Additionally, the contract employees must sign a Statement of
Responsibility (SOR) that states they have read the appropriate Rules of
Behavior and other applicable Information security policies.
4 N/A Personnel Changes. The Contractor shall perform in accordance with
clause “Security Requirements: Facility Access and Information
Technology” - The contractor must notify the COR immediately when an
employee working on a DOI system is reassigned or leaves the contractor’s
employ.
Applies whenever any contractor employee has unsupervised access to a USGS
system (even if only basic network, internet or email or will develop custom
applications) such as:
• User Access to USGS IT Systems known to contain sensitive or proprietary data
• IT Support services (greater than user access)
• Development or Maintenance of Custom Applications *
• On-site contractor support and management of IT system
• Off-site contractor Oversight and Management of IT System
• IT Security Services *
*May not be applicable for off-site performance.
5 N/A Contractor Location. The Contractor shall perform in accordance with
clause “Security Requirements: Facility Access and Information
Technology.”
Applies whenever any contractor employee has unsupervised access to a USGS
system (even if only basic network, internet or email or will develop custom
applications) such as:
• User Access to USGS IT Systems known to contain sensitive or proprietary data
• IT Support services (greater than user access)
• Development or Maintenance of Custom Applications
• On-site contractor support and management of IT system
• Off-site contractor Oversight and Management of IT System
• IT Security Services
No portion of the services to be performed hereunder may be performed
outside the United States without the express written permission of the
Contracting Officer.
If services are proposed to be performed abroad, the Contractor shall
provide an acceptable security plan that addresses mitigation of problems
related to communication, control, and protecting the confidentiality,
integrity, and availability of IT systems and information.
A Security Plan Template is available upon request from the Contracting
Officer.
6 N/A N/A Applicable Standards. The Contractor shall perform in accordance with
clause “Security Requirements: Facility Access and Information
Technology” - Contractor must
follow the DOI System Development Life Cycle (SDLC), NIST SP 800-64
and the D…
Source: SAM.gov, as posted. Verify the current solicitation before responding.