NASA Goddard Space Flight Center
Code 210 All-Hand May 6, 2015
Handling Electronic Procurement Files
How Do We Use Electronic Files?
Electronic Files are released to the “public” in multiple ways:
o NAIS and FEDBIZOPPS
  • e.g., Solicitations, JOFOCs, Sources Sought/RFIs
o Procurement e-Libraries
o Source Selection Process
  • e.g., Debriefing Charts, Source Selection Statements
o Protest Litigation
  • e.g., Agency Record
o Day-to-Day Contract Administration
  • e.g., Contract Mods, Letters/Memos, Award Fee Letters, CPAR Assessments
o Center External/Publicly Accessible Websites
o FOIA Responses
Areas of Concern with Electronic Files
Visible Dangers
- Export Control Information
- Sensitive But Unclassified Information
Hidden Dangers
- Track Changes
- Metadata
- Embedded Documents
- Hidden Worksheets
- Hidden Text
- Comments
- Document Properties
- Off-Screen/Off-Slide Content
Visible Danger – Export Controlled Info.
Exports or transfers of export-controlled items, including technical data and software, shall not be made to any foreign entity under any NASA program unless such exports or transfers are in conformity with approved contracts or agreements (usually international agreements) and U.S. export control laws and regulations, as delineated in the EAR and ITAR.
o Export Administration Regulations (EAR) is the set of regulations that control the export of commercial and dual-use items that are designed for commercial use, but may have military use as well.
  • e.g., Items themselves or technical data related to propulsion systems, space vehicles, optics, cameras, lasers, radar.
o International Traffic in Arms Regulations (ITAR) is the set of regulations that control the export and temporary import of defense articles and services.
  • e.g., Items themselves or technical data related to launch vehicles, spacecraft and associated equipment.
Visible Danger – Export Controlled Info. (Cont’d)
Compliance with U.S. export-control laws and regulations is a requirement for every NASA employee and contractor
Failure to comply could
o Jeopardize NASA export privileges
o Cause program delays
o Result in criminal and/or civil penalties
Center Export Administrators:
o GSFC/WFF – Tom Weisz – 301-286-4541 – [email protected]
o HQ – David Flynn – 202-385-1792 –
Visible Danger – Sensitive But Unclassified (SBU)
Sensitive But Unclassified (SBU) – Controlled Unclassified Information (CUI) - Material that does not contain national security information (and therefore cannot be classified) but that is information or material determined to have special protection requirements to preclude unauthorized disclosure to avoid compromises, risks to facilities, projects or programs, threat to the security and/or safety of the source of information, or to meet access restrictions established by laws, directives, or regulations.
Visible Danger – Sensitive But Unclassified (SBU) (Cont’d)
Examples of SBU:
o Business/Company Confidential
o Geological/Geophysical Information
o Intellectual Property
o Privileged/Proprietary Commercial or Financial Information
o Information Subject to Trade Secrets Act
Intellectual Property Questions:
o Bryan Geurts – 301-286-7352 – [email protected]
Proprietary/Trade Secrets Act Questions:
o GSFC Office of Chief Counsel
Hidden Danger - Metadata
“Metadata”
o Data about data.
• Structural metadata indicates how compound objects are put together, for example, how pages are ordered to form chapters.
• Descriptive metadata describes a resource for purposes such as discovery and identification. It can include elements such as title, abstract, author, and keywords.
• Administrative metadata provides information to help manage a resource, such as when and how it was created, file type and other technical information, and who can access it.
How is Metadata Created?
Whenever you create, open, or save a document in Microsoft Word, Excel, PowerPoint, the document automatically stores information — known as metadata — that you had no intention of including or disclosing. Metadata can also be created by a user.
Metadata is also stored in PDF files, but unlike with the Microsoft Office Suite, someone has to intentionally put it there.
Examples of Metadata
Microsoft Office Applications each have 80+ fields of metadata including the following:
- Your name
- Your initials
- Your company or organization name
- The name of your computer
- Personalized views
- The name of the network server or hard disk where you saved the document
- Document revisions
- Document versions
- Template information
What is the Risk of Releasing Hidden Data and Metadata?
The risk of releasing hidden data or metadata ranges from embarrassing to having potentially severe implications.
Embarrassing:
o You send a model contract along with a draft SOW from your COR to your boss for review. You tell your boss you spent the past two weeks working on the model contract without help from anyone but CMM, but the metadata could reveal that you only worked on the model contract for a few minutes because you started from an old contract instead of generating it new from CMM, you collaborated with other people on what clause updates were needed, and the SOW was actually written by a contractor.
Potentially Severe Implications:
o In preparing a PowerPoint presentation for a pre-solicitation conference, the Resource Analyst inserts a graph from an Excel spreadsheet as an embedded object into the charts showing historical trends in spending over the life of the predecessor contract. Unbeknownst to the Resource Analyst, inserting the graph into the charts also created a copy of the entire Excel workbook from which the graph came, which also included historical labor rates, indirect rates, and the In House Government Estimate for the follow-on contract. Unaware of this, you as the CO post the charts in a procurement library for all potential offerors to see.
Hidden Dangers – Application Specific
Microsoft Word
- Track Changes
- Comments
- Hidden Text
- Non-Visible Portions of Embedded Object Linking and Embedding (OLE) Objects (e.g. Graphs/Charts)
- Header/Footer Information
- Watermark
- Document Properties
Microsoft Excel
- Hidden Worksheets
- Hidden Columns/Rows
- Comments
- Header/Footer Information
- Non-visible Portions of Embedded OLE Objects (e.g. Graphs/Charts)
- Track Changes
- File Properties
Microsoft PowerPoint
- Presenter Notes
- Hidden Slides
- Header/Footers
- Slide Master Formatting
- Non-visible portions of embedded OLE objects (e.g. Graphs/Charts)
- Comments
- File properties
Adobe PDF
- Title/Subject/Author/Keyword
- File Attachments
- Annotations and Comments
- Form Field Information or Actions
- Optical Character Recognition (OCR) Text
- Hidden Layers
- Embedded Search Index
- Redacting Sensitive Information
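
A pre-release check for the embedded-workbook scenario and the Office items listed above, as an added example that is not part of the original presentation or any NASA tool: it scans an Office Open XML file (.docx/.xlsx/.pptx) for parts and markup matching those categories. The sample package, its part names and the namespace prefixes used in the patterns are assumptions.

```python
import io
import re
import zipfile

# Part-name patterns inside an Office Open XML package, mapped to the slide's categories.
PART_CHECKS = [
    (r"^(word|xl|ppt)/embeddings/", "embedded object"),
    (r"^(word/comments\.xml|xl/comments\d*\.xml|ppt/comments/)", "comments"),
    (r"^ppt/notesSlides/", "presenter notes"),
]
# (part-name regex, content regex, category). Assumes the prefixes Office conventionally writes.
CONTENT_CHECKS = [
    (r"^word/document\.xml$", rb"<w:(ins|del)\b", "track changes"),
    (r"^word/document\.xml$", rb"<w:vanish\b", "hidden text"),
    (r"^xl/workbook\.xml$", rb'<sheet\b[^>]*state="(hidden|veryHidden)"', "hidden worksheet"),
    (r"^ppt/slides/slide\d+\.xml$", rb'<p:sld\b[^>]*show="0"', "hidden slide"),
    (r"^docProps/core\.xml$", rb"<dc:creator>[^<]+|<cp:lastModifiedBy>[^<]+", "document properties"),
]

def scan_ooxml(data: bytes) -> list[tuple[str, str]]:
    """Return (category, part name) pairs for hidden data found in a .docx/.xlsx/.pptx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            for pattern, label in PART_CHECKS:
                if re.search(pattern, name):
                    findings.append((label, name))
            for pattern, content, label in CONTENT_CHECKS:
                if re.search(pattern, name) and re.search(content, pkg.read(name)):
                    findings.append((label, name))
    return findings

def build_sample_pptx() -> bytes:
    """Constructed sample: a zip with pptx-style part names, not a complete deck."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", "<cp:coreProperties><dc:creator>Sample Analyst"
                     "</dc:creator></cp:coreProperties>")
        pkg.writestr("ppt/slides/slide1.xml", "<p:sld><p:cSld/></p:sld>")
        pkg.writestr("ppt/slides/slide2.xml", '<p:sld show="0"><p:cSld/></p:sld>')
        pkg.writestr("ppt/notesSlides/notesSlide1.xml", "<p:notes/>")
        pkg.writestr("ppt/embeddings/Microsoft_Excel_Worksheet1.xlsx", b"PK")
    return buf.getvalue()

if __name__ == "__main__":
    for category, part in scan_ooxml(build_sample_pptx()):
        print(f"{category}: {part}")
```

Legacy binary formats (.doc, .xls, .ppt) are not zip packages and are outside what this check covers; an empty result means none of these patterns matched, not that the file is clean.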
Next Steps for Protecting Files
- Expanding the use of PDF files being transmitted/posted for competitive and non-competitive procurement actions
  o Center Director has mandated that all electronic files (including Excel spreadsheets) being transmitted by Procurement to a non-civil servant (e.g. contractors and potential offerors) be transmitted in PDF format.
    • Reminder: Files being routed for internal Procurement and/or Legal review should not be sent in PDF format to reviewers.
- Working with Code 700 to ensure that hidden data and metadata removal steps are functioning as expected
- Expand existing posting checklist to include non-competitive actions
- Training coming to a staff meeting near you soon…
  o Detailed steps for ensuring clean Microsoft Office files
  o Detailed steps for converting Office files to PDF
- Center-wide solution?
Questions