Computer Security Considerations in Federal Procurements: A Guide for ProcurementInitiators, Contracting Officers, and Computer Security Officials

摘要

The document provides guidance on including computer security considerations inthe acquisition phase of information resources management. It is intended to help agencies select and acquire cost-effective computer security by explaining how to include computer security requirements in federal information processing (FIP) procurements. The guideline has three parts. The first part is an introduction to the two disciplines: computer security (targeted for FIP procurement personnel); and FIP procurement (targeted for computer security personnel). These overviews provide sufficient knowledge to understand the legal, conceptual, and regulatory underpinnings of the document. The second part explains the integration of computer security into the FIP procurement process. The guideline also provides assistance on the selection of computer security features, assurances, and procedures. The third part of the document includes specifications and contract language for specific computer security features, assurances, and procedures that can be included in FIP procurements.