Legacy Documentation: Security Requirements for Contractors Doing Business with the Department of Education

Security Requirements for Contractors Doing Business with the Department of Education (Legacy - Updated September 2021)

  • Baseline Standards [download files] PDF (525K)
  • Systems Inventory [download files] PDF (390K)
  • Required Authorization [download files] PDF (400K)
  • System Security Plan (SSP) Review Checklist [download files] PDF (397K)
  • Authorizing Officials (AO) [download files] PDF (340K)
  • Cybersecurity Risk Management Framework (CRMF) [download files] PDF (405K)
  • Information and Communications (ICT) Supply Chain Risk Management (SCRM) [download files] PDF (1.1M)
  • Encryption of Computing Devices [download files] PDF (450K)
  • Password Parameters [download files] PDF (440K)
  • User-Notification Warning Banner [download files] PDF (380K)
  • Digital Identity [download files] PDF (1.4M)
  • Separation of Duties [download files] PDF (425K)
  • User Account Re-certification [download files] PDF (375K)
  • Emergency PIV Alternate [download files] PDF (370K)
  • Identity, Credential, and Access Management (ICAM) [download files] PDF (385K)
  • Cybersecurity Awareness Training  [download files] PDF (320K)
  • Data Loss Prevention – Microsoft 365 [download files] PDF (570K)
  • International Travel and Use of Education IT Services [download files] PDF (365K)
  • Cyber Hygiene [download files] PDF (415K)
  • Ongoing Assessment & Authorization [download files] PDF (345K)
  • Vulnerability Management  [download files] PDF (400K)
  • Computer Crime Incident Reporting [download files] PDF (275K)

Security Requirements for Contractors Doing Business with the Department of Education (Legacy - Updated September 2020)

  • Security and Privacy Requirements for IT Procurements (September 29, 2020) [download files] PDF (499K)
Security Requirements for Contractors Doing Business with the Department of Education (Legacy - Updated May 2017)

Cybersecurity and Privacy Requirements (Updated)

  • Federal government information technology (IT) contracts must include requirements and clauses that address the cybersecurity and privacy controls that are specified in a number of publicly available guidance documents, standards, and laws. This includes the Federal Information Security Modernization Act (FISMA), the special publications and standards posted at the computer security website maintained by the National Institute of Standards and Technology (NIST), cybersecurity guidance publicly distributed via memoranda issued by the Office of Management and Budget (OMB), OMB Circular A-130, and various other related cybersecurity and privacy guidance that are posted on the Internet. Prospective bidders are encouraged to review the guidance listed in order to best prepare for bidding on government IT contracts work. The specific requirements for each contract may vary, and will be included in each solicitation. Internal staff at the Department should contact the Information Assurance Services (IAS) group at the Department’s Office of the Chief Information Officer (OCIO) for assistance in determining what specific cybersecurity and privacy requirements and clauses are required for the Department’s IT contracts.

Administrative Communications System Departmental Directive (Current)

  • Contractor Employee Personnel Security Screenings (OM: 5-101 - Internal Document)
Security Requirements for Contractors Doing Business with the Department of Education (Legacy)

For existing/current ED contracts, the legacy guidance is posted immediately below. For all new/future solicitations, the legacy guidance should not be used. The updated guidance posted further below should be used.

Administrative Communications System Handbook (Legacy)

  • Information Assurance Security Policy (OCIO-01) [download files] PDF (446K)
  • Information Security Incident Response and Reporting Procedures (OCIO-14) [download files] MS WORD (841K)
  • Protection of Sensitive But Unclassified Information (OCIO-15) [download files] MS WORD (259K)

Administrative Communications System Departmental Directive (Legacy)

  • Personal Use of Government Equipment (OCIO: 1-104) [download files] MS WORD (124K)
  • Lifecycle Management (LCM) Framework (OCIO: 1-106) [download files] PDF (652K)
  • Procuring Electronic and Information Technology (EIT) in Conformance with Section 508 of the Rehabilitation Act of 1973 (OCIO: 3-105) [download files] MS WORD (983K)

IT Security Awareness (Legacy)

  • Department of Education IT Security Awareness Training 2011 [download files] MS WORD (688K)

Privacy Safeguards (Legacy)

  • External Breach Notification Policy and Plan (OM:6-107) [download files] PDF (496K)


   
Last Modified: 02/25/2022