Common use of IA/Cybersecurity Personnel Requirements and IT Position Categories Clause in Contracts

IA/Cybersecurity Personnel Requirements and IT Position Categories. 1. In accordance with DoD 8570.1-M, Information Assurance Workforce Improvement Program and the Defense Federal Acquisition Regulation Supplement 252.239-7001 supporting personnel must comply with certification and training requirements on the date of contract award. All new personnel must meet the certification requirements before starting work on the contract. • The Contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification to perform information assurance functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. The Contractor shall meet the applicable information assurance certification requirements, including- o DoD-approved information assurance workforce certifications appropriate for each category and level as listed in the current version of DoD 8570.01-M; and o Appropriate operating system certification for information assurance technical positions as required by DoD 8570.01-M. • Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions. • Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions. • The Contractor Information System Support Lead must have an IA Management Level 3 Certification in accordance with DoD 8570.-M and maintain the certification throughout the life of the contract (refer to: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GSLC – Global Information Assurance Certification (GIAC) Security Leadership Certificate o CISM - Certified Information Security Manager • Personnel supporting IA/Cybersecurity must have the IA Technical Level 3 Certification in accordance with DoD 8750.1M and maintain the certification throughout the life of the contract (refer to ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GCIH – Global Information Assurance Certification (GIAC) Certified Incident Handler o GCED – GIAC Certified Enterprise Defender o CISA – Certified Information Systems Auditor o CASP – CompTIA Advanced Security Practitioner • Other IA personnel must have IA Management Level 2 Certification in accordance with 8570.1-M and maintain the certification throughout the life of the contract (refer to: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GSLC – Global Information Assurance Certification (GIAC) Security Leadership Certificate o CISM - Certified Information Security Manager o CAP – Certified Authorization Professional o CASP - CompTIA Advanced Security Practitioner • Additional IA support personnel prerequisites besides the DoD 8570.01-M qualifications include the following: o Citizenship - All Contractor IA support personnel must be United States Citizens o Clearance - A Fully and Successfully Adjudicated NACLC background investigation necessary to achieve the clearance eligibility required for all GCSS-MC Operations Center (GOC) support and IA personnel, necessary for the performance of their duties, is required at the time of proposal submission. An Interim Secret Clearance eligibility or higher is required to start work. Other billets may also require a fully and successfully adjudicated background investigation and clearance eligibility as required for these positions by ▇▇▇▇ 8500.2, and SECNAV Manual 5510.30. Pursuant to ▇▇▇▇ 8500.01, DoD 8570.01-M, SECNAVINST 5510.30, SECNAV M-5239.2, and applicable to unclassified DoD information systems, a designator is assigned to certain individuals that indicates the level of IT access required to execute the responsibilities of the position based on the potential for an individual assigned to the position to adversely impact DoD missions or functions. As defined in DoD 5200.2-R, SECNAVINST 5510.30 and SECNAV M-5510.30, two basic DoN IT levels/Position categories are pertinent for this effort: • IT-II (Limited Privileged, sensitive information) • IT-III (Non-Privileged, no sensitive information) Note: The term IT Position is synonymous with the older term Automated Data Processing (ADP) Position (as used in DoD 5200.2-R, Appendix 10).

IA/Cybersecurity Personnel Requirements and IT Position Categories. 1. In accordance with DoD 8570.1-M, Information Assurance Workforce Improvement Program and the Defense Federal Acquisition Regulation Supplement 252.239-7001 supporting personnel must comply with certification and training requirements on the date of contract award. All new personnel must meet the certification requirements before starting work on the contract. • The Contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification to perform information assurance functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. The Contractor shall meet the applicable information assurance certification requirements, including- o DoD-approved information assurance workforce certifications appropriate for each category and level as listed in the current version of DoD 8570.01-M; and o Appropriate operating system certification for information assurance technical positions as required by DoD 8570.01-M. • Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions. • Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions. • The Contractor Information System Support Lead must have an IA Management Level 3 Certification in accordance with DoD 8570.-M and maintain the certification throughout the life of the contract (refer to: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GSLC – Global Information Assurance Certification (GIAC) Security Leadership Certificate o CISM - Certified Information Security Manager • Personnel supporting IA/Cybersecurity must have the IA Technical Level 3 Certification in accordance with DoD 8750.1M and maintain the certification throughout the life of the contract (refer to ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GCIH – Global Information Assurance Certification (GIAC) Certified Incident Handler o GCED – GIAC Certified Enterprise Defender o CISA – Certified Information Systems Auditor o CASP – CompTIA Advanced Security Practitioner • Other IA personnel must have IA Management Level 2 Certification in accordance with 8570.1-M and maintain the certification throughout the life of the contract (refer to: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/iawip/Pages/iabaseline.aspx). Acceptable certifications are: o CISSP – Certified Information Systems Security Professional (Preferred) o GSLC – Global Information Assurance Certification (GIAC) Security Leadership Certificate o CISM - Certified Information Security Manager o CAP – Certified Authorization Professional o CASP - CompTIA Advanced Security Practitioner • Additional IA support personnel prerequisites besides the DoD 8570.01-M qualifications include the following: o Citizenship - All Contractor IA support personnel must be United States Citizens o Clearance - A Fully and Successfully Adjudicated NACLC background investigation necessary to achieve the clearance eligibility required for all GCSS-MC Operations Center (GOC) support and IA personnel, necessary for the performance of their duties, is required at the time of proposal submissioncontract award. An Interim Secret Clearance eligibility or higher is required to start work. Other billets may also require a fully and successfully adjudicated background investigation and clearance eligibility as required for these positions by ▇▇▇▇ 8500.2, and SECNAV Manual 5510.30. Pursuant to ▇▇▇▇ 8500.01, DoD 8570.01-M, SECNAVINST 5510.30, SECNAV M-5239.2, and applicable to unclassified DoD information systems, a designator is assigned to certain individuals that indicates the level of IT access required to execute the responsibilities of the position based on the potential for an individual assigned to the position to adversely impact DoD missions or functions. As defined in DoD 5200.2-R, SECNAVINST 5510.30 and SECNAV M-5510.30, two basic DoN IT levels/Position categories are pertinent for this effort: • IT-II (Limited Privileged, sensitive information) • IT-III (Non-Privileged, no sensitive information) Note: The term IT Position is synonymous with the older term Automated Data Processing (ADP) Position (as used in DoD 5200.2-R, Appendix 10).