Checklist to Assess Security in IT Contracts
This whitepaper examines the security threats and Information Technology (IT) security requirements associated with contracted IT services, websites, outsourced business processing and on-demand applications. When Government agencies contract for these services, agency Chief Information Officers (CIO), Chief Information Security Officers (CISO) and System Owners must ensure that Federal government information and services are adequately protected and in compliance with a series of national security policies and standards. This paper provides a checklist for system owners and security professionals to assist in reviewing current contracts and aid in planning for new acquisitions. Industry standard alternatives to the Federal government security frameworks are also presented as a means to aid in determining potential usage.