Abstract
Each federal organization is fuly responsible for its computer security program whether the security program is performed by in-house staf or contracted out. TIme constraints, budget constraints, availability or expertise of staff, and the potentila knowledge to be gained by the organization from an experienced contractor are among the reasons a federal organization may wish to get external assistance for some of these complex, labor intensive activities.
An interagency working group of federal and private sector security specialists developed this document. The document presents the ideas and experiences of those involved with computer security. It supports the operational field with a set of Statements of WOrks (SOWs) describing significant copmuter security activities. While not a substitute for good computer security management, organization staff and government contractors can use these SOWs as a basis for a common understanding of each described activity. THe sample SOWs can faster easier access to more consistent, high-quality computer security services. The descriptions apply to contracting for services or obtaining them from within the organization.