Department of Energy Portsmouth/Paducah Project Office 1017 Majestic Drive, Suite 200 Lexington, Kentucky 40513 (859) 219-4000
OCT 25 2016
DISTRIBUTION LIST
PPP0-01-3829773-17
Dear Madam/Sirs:
CYBER SECURITY RISK TRACKING SYSTEM The United States Department of Energy Portsmouth/Paducah Project Office (PPPO) has implemented a web application facilitating a centralized, automated workflow for cyber securityrelated risk management activities. The Risk Tracking System is provided as a common control to all PPPO information systems (i.e., general support systems, industrial control systems, major applications) processing, storing, or transmitting unclassified information. National security systems processing classified information are not supported at this time. All federal and contractor organizations responsible for the design, implementation, and maintenance of security controls within PPPO information systems will utilize this web application for all unclassified cyber security-related risk management activities beginning Monday, November 14, 2016. The following security control from National Institute of Standards and Technology Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations will be inherited and documented as such in applicable system security plans (organization-defined values are in red): RA-3
RISK ASSESSMENT Control: The organization: a. Conducts an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information system and the information it processes, stores, or transmits; b. Documents risk assessment results in the Portsmouth/Paducah Project Office's Risk Tracking System web application; c. Reviews risk assessment results on a quarterly basis; d. Disseminates risk assessment results to personnel with cyber security-significant roles through the Portsmouth/Paducah Project Office's Risk Tracking System web application; e. Updates the risk assessment on an annual basis or whenever there are significant changes to the information system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system.
Distribution
2
PPP0-01-3829773-17
The RTS application can be accessed by visiting: https://services.lex.doe.gov/RTS/.
If you have any questions or require additional information, please contact Abraham Getchell at (859) 219-4024 or
[email protected]. Sincerely,
<:;;)~~
Robert Swett Lead Procurement Official Portsmouth/Paducah Project Office
e-copy:
[email protected], EM-5.12/FORS
[email protected], EM-5.12/FORS
[email protected], PPPO/LEX
[email protected], PPPO/LEX jennifer.
[email protected], PPPO/PAD joel.
[email protected], PPPO/PORTS
[email protected], PPPO/P AD
[email protected], PPPO/P AD
[email protected], PPPO/PORTS
[email protected], PPPO/LEX daniel.
[email protected], PPPO/LEX
[email protected], PP PO/LEX
[email protected], PPPO/PORTS
[email protected], PPPO/LEX
[email protected], PP PO/LEX
[email protected], BWCS/LEX
[email protected], PMA/PORTS
[email protected], PMA/PORTS tammy
[email protected], SS I/Kevil
[email protected], SSI/Kevil
[email protected], SMSI/LEX
[email protected], SMSI/LEX
[email protected], SMSI/LEX
[email protected], BWCS/LEX
[email protected], PMA/PORTS
[email protected], SSI/Kevil
Distribution
3
DISTRIBUTION LIST:
Mr. John D. Woolery, President and Project Manager CONTRACT NO. DE-AC30-11CC40015 B WXT Conversion Services, LLC 1020 Monarch Street, Suite 300 Lexington, Kentucky 40513 Mr. Damon Detillion, Project Manager CONTRACT NO. DE-EM0004062 Portsmouth Mission Alliance, LLC P.O. Box 307 Piketon, Ohio 45661 Ms. Tammy Courtney, Project Manager CONTRACT NO. DE-EM0003733 Swift & Staley, Inc. 5505 Hobbs Road Kevil, Kentucky 42053 Mr. David Allen, Program Director CONTRACT NO. GS10F006IR, TASK ORDER NO. DE-DT0005643 Strategic Management Solutions, LLC 6301 Indian School Road, NE, STE 215 Albuquerque, NM 87110-8187
PPP0-01-3829773-17