Data Acquisition Security Requirements
On August 18, 2004, DOI published a memorandum from the Department Chief Information Officer, Office of the Secretary. The memorandum addresses what needs to happen to protect our data from harm while it is in the hands of contractors.
What are the DOI Security Requirements for Data Acquisition?
It is critical that our information be protected from uninvited disclosure or intentional corruption, and that our systems be secured against external attack to the maximum extent possible. This memorandum established guidance that will help assure that our contractors perform in a manner consistent with DOI's security needs and mandates.
IT security must be incorporated into all phases of program planning and execution, from budgeting to close-out. The cognizant Program Manager or IT System Owner has primary responsibility to assure that contractors are aware of and comply with the DOI IT Security Program.
The Department's Office of the Chief Information Officer (OCIO) is responsible for providing policy, guidance, advice, and oversight for information security and also serves as the Senior Agency Official for Privacy (SAOP). The Department's Chief Information Security Officer (CISO), who serves as the senior agency information security officer, supports the OCIO in carrying out responsibilities specified by the Federal Information Security Management Act (FISMA) as delegated by the Secretary of the Interior. Those responsibilities include developing and maintaining the Department's overall information assurance (IT security and privacy) program and assisting in ensuring agency compliance with the requirements of FISMA, the Privacy Act, and related policies, procedures, standards, and guidelines.