Common use of Functional Area 4 - Security Clause in Contracts

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30, "Management of Federal Information Resources", Appendix III, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: * Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC with all aspects of planning, engineering, fielding and operating secure information technology systems and resources including network penetration testing.' Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30A-130, "Management of Federal Information Resources", Appendix III, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: * "• Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. " Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC with all aspects of planning, engineering-engineering, fielding and operating secure information technology systems and resources including network penetration testing.' . Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30A-130, "Management of Federal Information Resources", Appendix IIIIll, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: "* Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. "* Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. " Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security secority and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC with all aspects of planning, engineering, fielding and operating secure information technology systems and resources including network penetration testing.' . Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30, "Management of Federal Information Resources", Appendix IIIIll, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: "* Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. " Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. " Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC N-IC with all aspects of planning, engineering, fielding and operating secure information technology systems and resources including network penetration testing.' . Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30A-130, "Management of Federal Information Resources", Appendix IIIIll, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: * "° Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. " Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. " Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. " Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC with all aspects of planning, ; engineering, fielding and operating secure information technology systems and resources including network penetration testing.' . Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.

Functional Area 4 - Security. The NRC Computer Security Staff is charged with a variety of functions related to the task of protecting NRC data, transmission links, and infrastructure. This functions are based primarily on the requirements contained in Public Law 100-235, "Computer Security Act of 1987" to develop security plans, The Office of Management and Budget (OMB) published guidance for the executive branch in OMB Circular A-1 30, "Management of Federal Information Resources", Appendix IIIIll, "Security of Federal Automated Information Resources" updated in 1996, and NRC's Management Directive 12.5. In addition, Presidential Decision Directive (PDD) 63 specifies department/agency responsibilities to ensure they eliminate any significant vulnerability to cyber attacks on critical cyber systems. The contractor shall provide technical support for the following task areas: * ° Task Area 1 - Critical Infrastructure Asset Identification Provides technical support to assist the NRC to review, identify, itemize and document components, processes and information considered critical to the organizational mission. Task Area 2 - Risk Management (Vulnerability Assessment and Threat Identification) Provide technical support to assist the NRC in all aspects of risk management. The contractor shall perform those services necessary to determine the level and types of security controls necessary to adequately and cost effectively protect the NRC IT infrastructure. Task Area 3 - Critical Infrastructure Continuity and Contingency Planning Provide technical support to the NRC with all aspects of the procurement of goods and/or services to guard against disruption of critical functions and services specific to agencies and departments of the federal government. Continuity and Contingency Planning focuses on the critical functions and services provided by the NRC, and delineates recovery activities should a critical capability be lost or unacceptably degraded. Task Area 4 - Physical Infrastructure Protection Provide technical support to assist the NRC in all aspects of physical security secLurity and control as the first line of defense for protecting components the NRC's critical infrastructure and is essential to the successful operation of computer and telecommunications systems and the protection/preservation of critical infrastructures. * Task Area 5 - Information Systems Security and Information Assurance Provide technical support to assist the NRC with all aspects of planning, engineering, fielding and operating secure information technology systems and resources including network penetration testing.' . Task Area 6 - Emergency Preparedness, Awareness Training, Exercises and Simulation Provide the NRC with technical support to assist the NRC with all aspects of Security Awareness and Training. The contractor shall develop or recommend security awareness training, security awareness documentation, and specialized security training appropriate for the NRC.