Educause Security Discussion mailing list archives
Re: security requirements for research grants
From: Bob Mahoney <bobmah () MIT EDU>
Date: Thu, 10 Jul 2003 07:51:20 -0400
I was helping some of our Lab for Computer Science researchers recently with a grant app to the National Library of Medicine. In a follow-up to the original app, NLM asked for a number of clarifications regarding system and employee security info. The essential bits (minus some legalese) are below. -Bob -- The offeror's proposal must include: (1) A detailed outline (commensurate with the size and complexity of the requirements of the SOW) of its present and proposed Information Technology systems security program and demonstrate that it complies with the AISSP security requirements of the SOW, the Computer Security Act of 1987; Office of Management and Budget (OMB) Circular A-130, Appendix III, "Security of Federal Automated Information Systems;" and the DHHS AISSP Handbook. At a minimum, the offeror's proposed information technology systems security program must address the minimum requirements of a Security Level Designation Level 2 (Moderate Sensitivity) identified in the DHHS AISSP Handbook, Exhibit III-A, Matrix of Minimum Security Safeguards. (2) An acknowledgement of its understanding of the security requirements in the SOW. (3) Similar information for any proposed subcontractor having access to an AIS. Note that the following documents are electronically accessible: (1) OMB A-130, Appendix III: http://csrc.ncsl.nist.gov/secplcy/a130app3.txt (2) DHHS AISSP Handbook: http://irm.cit.nih.gov/policy/aissp.html (3) DHHS Personnel Security/Suitability Handbook http://www.hhs.gov/ohr/manual/pssh.pdf (4) NIH Applications/Systems Security Template: http://irm.cit.nih.gov/security/secplantemp.html (5) NIH CIT - Policies, Guidelines and Regulations Table 1 - Categories of Safeguarded Agency Information; Table 2 - Security Level Designations for Agency Information and Table 3 - Positions Sensitivity Designations for Individuals Accessing Agency Information http://www.cit.nih.gov/security-planning.asp ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- security requirements for research grants Steven Ferris (Jul 09)
- <Possible follow-ups>
- Re: security requirements for research grants Randy Marchany (Jul 09)
- Re: security requirements for research grants Bob Mahoney (Jul 10)