Policy Management Support Services

Job Title: Policy Management Support Services

• Research, review, analyze and consult in the development, documentation and maintenance of the agency level cybersecurity and privacy policy(s).
• Report on the development of FAA cybersecurity and privacy policy.
• Research, review, analyze and consult with the development, update and revision of IS&P policies, standards, and requirements to comply with latest Federal and DOT guidance and requirements.
• Document the development, update and revision of IS&P Policy Development Plan.
• Research, review, analyze and consul the development, update, and revision of FAA Security Authorization Handbook.
• Support the coordination of new IS&P policies, orders, and standards within the FAA.
• Maintain and update the Security Authorization Handbook for users of the systems, which documents the required controls and how they will be assessed.
• Support identifying and maintaining deviations with accordance to the FAA Order 1370.121A (or present form).
• Support Deviation process including the documenting of the deviated policy, what residual risk exists, any alternative security measures in place or to be put in place to help remediate the vulnerability.
• Creating and presenting documents to the IS&P security management including the Deputy CISO and CISO.
• Provide support with documentation including the gathering and obtaining of required signatures.
• Review of the existing policy deviations (waivers), Risk Acceptance (RA) memos, Production Data Usage requests, Authority to Operate (ATO), and preparing advance notice to System Owners (SO) for upcoming deviations, which are set to expire.
• Support Risk Acceptance/Authority to Operate (ATO)/Deviation/Production data requests.
• Review and provide comments on Federal, DOT and FAA policies.
• Track, analyze, review and comment on new, proposed or revised policies, legislation, standards, and guidance from federal policy authorities such as NIST and OMB. Based on the analysis and anticipated impact, develop recommendations tailored to FAA needs.
• Provide guidance on applicability of existing federal policy(s) to the FAA.
• Provide guidance on user request for interpretation of FAA policy.
• Review existing policies Federal, DOT, and FAA policies to advise on policy compliance, gaps, and coverage areas.
• Provide support on the development and documentation of new and revision of existing Guidance, SOPs, and IS&P process documents as requested.
• Provide support with the evaluation of new technology implementations and procurements to ensure compliance with current policies.
• Attend policy meetings and support status briefings as requested.
• Provide support for assembling policy request responses.
• Support the FAA in the development and operation of automated processes including automation of policy deviation requests and automated processes to update IS&P policy.
• Assist the FAA in developing IS&P policies around transitioning for Commercial off-theshelf (COTS) Software to Software as a Service (SaaS).
• Assist the FAA with developing policy and strategy for supply chain risk management (SCRM).
• Coordinate, document and report on requests for data usage to AIS management. This requires extensive knowledge of security controls inherited and utilized by a system or group of systems. The contractor must have knowledge of required controls and remediation tactics to reduce residual risk.
• Prepare, review and edit presentations for FAA leadership.
• Have a working knowledge of Microsoft Office products, including, but not limited to: Word, Excel, PowerPoint, Visio, Project, Teams, SharePoint, Power Automate, and other Office 365 tools.
• Have working knowledge of OMB A-130, OMB memoranda, FISMA, executive orders, the Privacy Act, NIST 800 series documents, and other key Federal cybersecurity policy documents.
• Have a comprehensive knowledge of NIST 800-53 Revision 5 and the control families.
• Using the Microsoft O365 tools, assist in automating recurring tasks, waiver requests, and policy efforts. ff. Assist in reviewing, analyzing, and editing reports and data prior to them being sent to FAA leadership.
• Have a working knowledge of the required documents to support the security authorization process.
• Have a working knowledge of Cloud environments (IaaS, PaaS, SaaS) and FedRAMP.