Billing and Accounts Receivable RFP Library

The library contains information that may assist you in responding to the RFP for the Billing and AR Project.

Please refer to the NIST website for the latest versions of all documentation.

Security

• NIST FIPS 140-2, Security requirements for Cryptographic Modules
• NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
• NIST FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
• NIST SP 800-18 Rev 1 - Guide for Developing Security Plans for Federal Information Systems
• NIST SP 800-30 - Risk Management Guide for Information Technology Systems
• NIST SP 800-31 - Intrusion Detection Systems (IDS)
• NIST SP 800-34 - Contingency Planning Guide for Information Technology Systems
• NIST SP 800-37 - Guide for the Security Certification and Accreditation of Federal Information Systems
• NIST SP 800-40 v2 - Creating a Patch and Vulnerability Management Program
• NIST SP 800-41 - Guidelines on Firewalls and Firewall Policy
• NIST SP 800-44 v2 - Guidelines on Securing Public Web Servers
• NIST 800-47 - Security Guide for Interconnecting Information Technology Systems
• NIST SP 800-53 Rev. 1 - Recommended Security Controls for Federal Information Systems for Moderate system
• NIST SP 800-60 - Guide for Mapping Types of Information and Information Systems to Security Categories
• NIST SP 800-61 - Computer Security Incident Handling Guide
• NIST SP 800-64, Rev. 1 - Security Considerations in the Information System Development Life Cycle
• NIST SP 800-77 - Guide to IPsec VPNs
• NIST SP 800-88 - Guidelines for Media Sanitization
• NIST SP 800-92 - Guide to Computer Security Log Management
• NIST SP 800-95 – Guide to Secure Web Services, August 2006
• NIST SP 800-53a, Annex 2
• National Vulnerability Database provided by NIST
• Common Vulnerabilities and Exposures (CVE) provided by Mitre Corporation

Legislation and Regulations

• Debt Collection Act of 1982 (DCA)
• Deficit Reduction Act of 1984
• Chief Financial Officers Act of 1990
• Administrative Dispute Resolution Act of 1990
• Cash Management Improvement Act Amendments of 1992
• Omnibus Budget Reconciliation Act of 1993 (OMBRA)
• Department of Justice 1994 Appropriation Act
• General Accounting Office Act of 1996
• Federal Claims Collection Standards (FCCS)
• OMB Circular No. A-129 "Policies for Federal Credit Programs and Non-Tax Receivables"
• Cash Management Made Easy
• Management of Federal Information Resources A-130
• Financial Management Systems A-127
• Management Accountability and Control A-123
• Federal Information Security Management Act of 2002
• Federal Managers Financial Integrity Act of 1982
• Federal Financial Management Improvement Act of 1996

Information about GSA

• GSA 2006 Annual Report
• Office of the CFO Financial Management Status Report and 5-Year Plan (1993 - 2007)
• GSA Strategic Plan 2007
• One GSA Enterprise Architecure Policy
• GSA Acronyms

Billing and AR Subject Matter Information

• Defining the Financial Management Line of Business at the General Services Administration Report GS10T2 January 2006
• The GSA Enterprise Data Model diagram
• FMEA Information Model

The following documents provide additional relevant information, but require that a non-disclosure agreement be signed and submitted before they can be obtained:

• GSA IT Security Policy
• GSA CIO Instructional Letter – Safeguarding Personally Identifiable Information (CIO IL 06-02)
• GSA Homeland Security Presidential Directive – 12, Personal Identity Verification and Credentialing, Standard Operating Procedure – Document Version 2.1
• Password Generation and Protection (CIO IT Security 01-01)
• Security Incident Handling Guide: (CIO IT Security 01-02) Rev. 5
• Developing a Configuration Management Plan (CIO IT Security 01-05)
• GSA Contingency Plan Testing (CIO-IT-Security 06-29) Rev 1
• Access Control (CIO IT Security 01-07)
• Auditing & Monitoring (CIO IT Security 01-08)
• Termination Transfer Guide (CIO IT Security 03-23)
• Managing Enterprise Risk (Security Categorization, Risk Assessment, & Certification and Accreditation) (CIO IT Security 06-30)
• Media Sanitation Guide (CIO IT Security 06-32)
• Web Application Security Guide: (CIO-IT Security-07-35) Rev. 1
• IT Security Procedural Guide: Windows XP Professional Hardening (CIO-IT Security 03-23) Revision 6a
• IT Security Procedural Guide: Oracle Database Hardening (CIO-IT Security 05-28)
• Windows 2003 Server Hardening Guide Package (CIO IT Security 04-25) Revision 2
• Windows 2000 Server Hardening Guide Package (CIO IT Security 02-16/17)
• Microsoft IIS 5.0 Server Hardening Guide Package (CIO IT Security 02-18/19)
• Sun Solaris Server Hardening Guide Package (CIO IT Security 02-20)
• OCFO IBM AIX Hardening Procedure Guide
• Center for Internet Security (CIS) Red Hat Linux Benchmark and Scoring Tool
• CIS Apache Web Server Benchmark and Scoring Tool
• CIS HP-UX Benchmark and Scoring Tool
• The “One GSA” Enterprise Architecture Policy
• GSA IT Architecture Standards
• GSA SDLC
• GSA IT Strategic Plan

RELATED GSA TOPICS

• Budget & Performance
• Payroll and Financial Applications

GOVERNMENT LINKS

• Federal Integrated Solutions Center(FISC)