The ISSO BPA is designed to provide ISSO support for USAID information systems in different stages of the SDLC. It can assist missions, bureaus and offices by providing a source for Information System Security Officer (ISSO), Cyber Risk Management (CRM), and Penetration Testing services for USAID information systems. It can also help USAID build capacity and learn from experience in implementing CRM. The ISSO BPA is a worldwide support mechanism, designed to support any USAID bureau, mission or office.
The main tasks under the mechanism are:
ISSO Services for Missions and Bureaus: Providing in-person and remote facilitation and technical assistance to USAID field missions and pillar and regional bureaus by performing or supporting the activities defined in the NIST RMF to obtain and maintain FISMA compliance, and by providing ISSO support in the different stages of the SDLC as well as continuous monitoring support.
Cyber Risk Management (CRM) Consulting Services: Providing CRM services per Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources; NIST Special Publication 800-37 rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems; and USAID Automated Directives System (ADS) 545. This is done by being a trusted advisor to the SO/ISSO, reviewing the appropriate Federal guidance, performing research, and verifying and updating the maturity of any documents prepared by the project teams.
Penetration Testing: Providing Penetration Testing services for evaluating risks associated with operating USAID information systems that are consistent with U.S. Department of Homeland Security (DHS) services documented in the Rules of Engagement Agreement. This service will test the adequacy and effectiveness of the security control measures in place to protect the security and integrity of sensitive IT systems and data.