Mantech

Requirements

• Provides overall configuration management infrastructure and environment to the product development team.
• Developing or modifying CM plans, policies, and procedures tailored to the complexity and scope of the developmental or operational system
• Ensure that FBI ISs are operated, maintained, and disposed of in accordance with the internal security policies and practices outlined in the approved Security Assessment and Authorization (SAA) package.
• Manage the SAA process for new FBI ISs and legacy FBI ISs migrating into the GRC application
• Provide baseline security controls to the system owner, contingent upon the IS’s security categorization, type of information processed and entity type.
• Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems’ impact levels and ISs’ authorization boundary
• Initiate, coordinate, and recommend to the FBI Authorizing Official all Interconnection Security Agreement (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an FBI IS with any non-FBI or joint-use IS
• Perform an independent review of the System Security Plan (SSP) and make approval decisions.
• Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the FBI Authorizing Official.
• Coordinate IS security inspections, tests, and reviews with the Security and system owner.
• Submit the final SAA package to the FBI Authorizing Official for a security ATO decision.
• Supporting developmental and operational systems, creating and maintaining configuration baselines.
• Performing change control and configuration audits
• Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number.
• Advise the FBI Authorizing Official of IS vulnerabilities and residual risks.