·       Provide engineering and technical support to ensure the 67 CW systems and their components achieve initial and recurring accreditation. 

·       Support and meet all requirements for Risk Management Framework (RMF) for DoD Information Technology (IT) and Federal Information Security Management Act (FISMA) Reporting.

·       Provide engineering and technical support for the Assessment & Authorization (A&A) standards and processes to achieve uniform quality and a level of consistency throughout the life cycle of the systems. The contractor shall provide the necessary written documentation, technical drawings/diagrams, or spreadsheets to support the C&A process.

·       Provide the RMF surveys and document responses into the Enterprise Information Technology Data Repository (EITDR). The contractor shall ensure the RMF questions are answered to meet or exceed the common minimum standards as required to support annual FISMA reporting requirements.

·       Develop RMF certification packages for accreditation approval and/or maintaining Authority to Operate. The contractor shall develop written documentation, technical diagrams/drawings as part of the RMF A&A package build.

·       Develop (Based on requirements provided, individuals will be requested to research and develop products not already captured), review, document and finalize requirements necessary to satisfy DoD IA controls.

·       Develop the necessary scientific/technical reports, technical drawings/diagrams, and spreadsheets required to satisfy DoD IA controls.

·       Ensure implementation of information security measures and procedures, including reporting incidents to the IA Officer and appropriate reporting chains.

·       Coordinate system-level responses to unauthorized disclosures.

·       Implement and enforce all DoD Information System (IS) and Platform Information Technology (PIT) system cybersecurity policies and procedures, as defined by cybersecurity-related documentation.

·       Ensure that all users have the requisite security clearances and access authorization and are aware of their cybersecurity responsibilities for DoD IS and PIT systems under their purview before being granted access to those systems.

·       In coordination with the Information System Security Manager, initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered and ensure that a process is in place for authorized users to report all cybersecurity- related events and potential threats and vulnerabilities to the Information System Security Officer (ISSO).

·       Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals.

·       Configure and operate IT systems within the authorities vested in them IAW DoD cybersecurity policies and procedures.

·       Protect authenticators commensurate with the classification or sensitivity of the information accessed and report any compromise or suspected compromise of an authenticator to the appropriate ISSO.

·       Observe policies and procedures governing the secure operation and authorized use of DoD IT systems, including operations security.

·       Develop and maintain an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.

·       Maintain IAT 8570 certification of DoD information baseline requirements; approved hardware/software, Security Technical Implementation Guide, vulnerability requirements, etc.

·       Implement and report on violations of AF IA policies and procedures to the appropriate functional manager for supported networks.