System and Services Acquisition Policy and Procedures
System and Services Acquisition Policy for 18F
Agency System Maintenance Policy Implementation
System Maintenance Policy is included in CIO P 2100.1 - GSA IT Security Policy, Chapter 4. Policy on Operational Controls. It states, "The availability and usability of GSA equipment and software must be maintained and safeguarded to enable agency objectives to be accomplished."
GSA OCISO ISP also defined agency-wide system maintenance procedures in IT Security Procedural Guide: Maintenance (CIO-IT Security-10-50).
18F follows the GSA System Maintenance policy for its information systems hosted within GSA facilities. The cloud.gov information system is hosted with the AWS GovCloud and will be in purview of the hosting site’s Maintenance policy and procedures.
The GSA Office of the CISO is responsible for reviewing and updating the above documents annually, and notifying System Program Managers and Information System Security Officers and Managers (ISSO/Ms). The GSA OCISO has determined SA-1 to be an Enterprise-Wide Common Control and is provided by the OCISO ISP. For specific details, please refer to the GSA IT FY-15 Information Security Program Plan Version 1.0. Covered By: