The initial scope of this project covers the following, with follow-on work to complete the work described below:
Management and Support Lines of Business and Information Types
Government Resources Management Information
C.3.3 Human Resource Management Information
Organization & Position Mgmt
Employee Performance Mgmt
Human Resources Development
*NIST 800-60 Vol2 Rev 1 page 28
I'd like to see the high-level workflow preceding and following the data type selection (identifying system name, description, environment, etc., then capturing user name and contact info, etc.) as well as the workflow for the above data types. This should include a high-level workflow and a workflow for the data types, including screen mock-ups and database design.
We are looking for a skilled team or individuals including but not limited to software developers, information security/assurance professionals and business analysts to convert an existing compliance process into a business process workflow, pseudo code, Visio diagrams and potentially screen mock-ups. The project would require the individual or team to walk through the following documented logical processes;
Using the additional reference documents;
800-60 Vol II Rev 1 : http://csrc.nist.gov/publications/
OPM BRM: http://www.opm.gov/egov/documents/
To generate a final output that will allow for the auto generation of the following completed template;
FedRAMP FIPS 199 Document: www.gsa.gov/graphics/.../FIPS_199_
The pseudo code, workflows and mock-ups should walk the process as if guiding a user through a web application, providing questions and examples and defining the selection workflow mechanisms (check box, drop-down, radio button, or text box), what data can be stored as variables and reused, and all the other logical components required. The workflow should be written in US English.
The pseudo code should also include a logic matrix, in an MS Excel spreadsheet, mapping information types to information descriptions, special factors, recommended impact levels, and guidance for impact level adjustments.
A high-level example of the matrix would include the following in a well-organized spreadsheet:
Does the information system store Employee Relations Information?
Employee Relations Information designs, develops, and implements programs that strive to maintain an effective employer-employee relationship that balance the agency’s needs against its employees’ rights. This sub-function includes: addressing employee misconduct; addressing employee performance problems; managing administrative grievances; providing employee accommodation; administering employee assistance programs; participating in administrative third party proceedings; and determining candidate and applicant suitability.
Employee Relations Information Type
-Default Impact Levels: Confidentiality = Low, Integrity = Low, Availability = Low
-Special Factors for Confidentiality: Does this data set include PII or HIPAA data?
(if yes, adjust the Confidentiality Impact Level to Moderate)
-Special Factors for Integrity: Would loss of Integrity of the data set cause adverse effects to the agency's mission? (if yes, adjust to Moderate and ask the follow-up question: would loss of integrity have serious or life-threatening consequences? If yes, adjust to High)
-Special Factor for Availability: None
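As an added illustration (not part of the original project description), the Employee Relations row above can be held as data and evaluated by a small rule engine, which is the shape the requested logic matrix would take in code. The dictionary layout, question ids and the `categorize` function are assumptions made for this example.

```python
LEVELS = ["Low", "Moderate", "High"]  # ordered, so adjustments can only raise a level

# Constructed encoding of the page's example row; the question ids are hypothetical.
MATRIX = {
    "Employee Relations": {
        "defaults": {"Confidentiality": "Low", "Integrity": "Low", "Availability": "Low"},
        "special_factors": {
            "Confidentiality": {
                "id": "pii_or_hipaa",
                "ask": "Does this data set include PII or HIPAA data?",
                "raise_to": "Moderate",
            },
            "Integrity": {
                "id": "integrity_mission",
                "ask": "Would loss of integrity cause adverse effects to the agency's mission?",
                "raise_to": "Moderate",
                "follow_up": {
                    "id": "integrity_life",
                    "ask": "Would loss of integrity have serious or life-threatening consequences?",
                    "raise_to": "High",
                },
            },
            "Availability": None,  # no special factor on the page
        },
    }
}


def categorize(info_type, answers):
    """Return (impact levels, audit trail) for one information type.

    answers maps question id -> bool. A follow-up is only consulted when its
    parent was answered yes; a missing answer raises ValueError naming the
    question the web form still has to ask.
    """
    row = MATRIX[info_type]
    levels = dict(row["defaults"])
    trail = []
    for objective, factor in row["special_factors"].items():
        while factor is not None:
            if factor["id"] not in answers:
                raise ValueError(f"unanswered: {factor['id']} ({factor['ask']})")
            if not answers[factor["id"]]:
                break  # "no" ends this chain; later follow-ups are ignored
            if LEVELS.index(factor["raise_to"]) > LEVELS.index(levels[objective]):
                levels[objective] = factor["raise_to"]
                trail.append(f"{objective} -> {factor['raise_to']} ({factor['id']})")
            factor = factor.get("follow_up")
    return levels, trail
```

The audit trail records which answer caused each adjustment, which is the justification text a generated FIPS 199 document would need for any level that differs from the default.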
Skills: software-development, graphics, analysis, management, benefits