Common use of Security Awareness Clause in Contracts

Security Awareness. For the purpose of familiarizing users with the CBNS Information Security policy and educating users on recommended practices, the Department of Management Information Systems has established and will maintain a regularly published informational newsletter; an organized users group and departmental policy. Practices promulgated include but are not limited to: • Educating users on the creation of good passwords • Do’s and don’ts for maintaining workstations • Informing users of e-mail and Internet access policies • Employee responsibility for computer security • Incident reporting procedures • How to identify social engineering tactics • Protecting information The main purpose of the Information Security Policy is to inform users, staff and managers of their obligatory requirements for protecting technology and information assets. The policy specifies the mechanisms through which these requirements can be met. It is also to provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy. The Department of Management Information Systems has in the past reported computer incidents and will continue to report computer incidents to the Federal Computer Incident Response Center (FedCIRC) and the National Infrastructure Protection Center (NIPC) via United States Computer Emergency Response Team (US-CERT). FedCIRC is part of the National Cyber Security Division (NCSD), a division of the Information Analysis and infrastructure Protection (IAIP) Directorate in the Department of Homeland Security(DHS). US- CERT is a partnership between the Department of Homeland Security and the public and private sectors. Established to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.