Planning Forward with GSA in Mind

How do I access APW?

General Services Administration (GSA)
Office of Acquisition Policy
Acquisition Planning Wizard (APW) System

Introduction

The following rules of behavior are to be followed by all users of the General Services Administration (GSA) Office of Acquisition Policy´s Acquisition Planning Wizard (APW) system. The rules clearly delineate responsibilities of and expectations for all individuals with access to the Acquisition Planning Wizard (APW). Non-compliance with these rules will be enforced through sanctions commensurate with the level of infraction. Actions may range from a verbal or written warning, removal of system access for a specific period of time, reassignment to other duties, or termination, depending on the severity of the violation.

Responsibilities

The Acquisition Planning Wizard (APW) Project Manager (APW-PM) is responsible for ensuring an adequate level of protection is afforded to the Acquisition Planning Wizard (APW), through an appropriate mix of technical, administrative, and managerial controls. The Project Manager develops policies and procedures, ensures the development and presentation of user and contractor awareness sessions, and periodically verifies that an adequate level of compliance with security requirements exists. The Project Manager is responsible for periodically conducting vulnerability analyses to help determine if security controls are adequate. Special attention will be given to system modifications and developing technologies that can open or have opened vulnerabilities in the security posture of the Acquisition Planning Wizard (APW).

Other Policies and Procedures

The Rules of behavior are not to be used in place of existing policy, rather they are intended to enhance and further define the specific rules each user must follow while accessing the Acquisition Planning Wizard (APW). The rules are consistent with the policy and procedures described in the following directives:

GSA Computer Security Handbook. The recently revised Handbook contains computer security guidance on a wide range of topics (i.e. personnel security, incident handling, and access control mechanisms).

GSA Cyber Security Program Plan. The Cyber Security Program Plan describes the actions GSA will take to fulfill the requirements mandated by the following:

  • Computer Security Act of 1987 (CSA)
  • Office of Management and Budget Circular A-130 (OMB A-130), Appendix III, "Security of Federal Automated Information Resources"
  • Presidential Decision Directive 63 (PDD-63), "Critical Infrastructure Protection"
Applicability

The Rules of Behavior apply to all Acquisition Planning Wizard (APW) system operators. An "operator" of the Acquisition Planning Wizard (APW) is any individual who processes information or performs work on the Acquisition Planning Wizard (APW) on behalf of GSA to accomplish a GSA function, regardless of affiliation. Based on this definition, Acquisition Planning Wizard (APW) users (acting as planners, coordinators, concurrence officials, and/or approvers), system administrators, and contractors are all considered operators and subject to the Rules of Behavior.

Electronic Acceptance of Rules of Behavior

Due to the distributed nature of the Acquisition Planning Wizard (APW), all users of the system will be asked to acknowledge understanding of these rules of behavior via submission of an electronic form as part of the initial system logon. Refresher training on the rules and responsibilities for user of the Acquisition Planning Wizard (APW) system will also be conducted in similar browser-based format.

Application Rules

  1. The computer system I am requesting an account for may only be used for official purposes in the conduct of my duties.
  2. By using the Acquisition Planning Wizard (APW) system, I consent to monitoring and security testing to ensure proper security procedures and appropriate usage guidelines are being observed.
  3. When access is no longer required to the Acquisition Planning Wizard (APW) system, I must notify appropriate responsible parties and make no further attempt to access the system´s resources.
  4. Tampering with another user´s account, files or processes without the other user´s express permission; use of the system resources for personal purposes; or other unauthorized activities is strictly prohibited and will result in disciplinary action.
  5. User login Ids and passwords may never be transferred or shared for any reason.
  6. Active sessions should never be left unattended. Workstations will be paused/locked when unattended for short periods of time (less than 30 minutes).
  7. Concurrently logging on to the Acquisition Planning Wizard (APW) via more than one workstation/terminal is discouraged.
  8. While accessing the Acquisition Planning Wizard (APW) from a non-government-controlled or portable workstation/terminal is approved, the following rules must be adhered to:
    1. Workstation/terminal must be configured with anti-virus protection and current signature files.
    2. Web browser must support 128-bit Secure Socket Layer (SSL) encryption.
    3. Even if supported, user credentials may never be totally cached, stored in a password list or retained in some other persistent structure.
    4. If the operating system does not provide a pause/lock mechanism, the workstation/terminal cannot be left unattended and unsecured. If pause/lock mechanism is not provided, all browser windows must be closed to terminate the session with the Acquisition Planning Wizard (APW).
    5. User will strictly adhere to the following order of operations while performing information processing in support of the Acquisition Planning Wizard (APW) from a non-government-controlled or portable workstation/terminal:
      1. Close all web browser windows.
      2. Open a new web browser window, and log on to the Acquisition Planning Wizard (APW).
      3. Perform processing necessary and relevant to task. Browsing of web sites not relevant to this processing is prohibited.
      4. Close all web browser windows to terminate the session with the Acquisition Planning Wizard (APW).
      5. Resume normal web browsing activities.
  9. Any unauthorized penetration attempt, unauthorized system use, or virus activity will be reported to my supervisor.
  10. Passwords:
    1. Will consist of a minimum of six (6) alphanumeric characters
    2. Will be changed at least every 180 days
    3. Will not be a word appearing in the English or foreign dictionary
    4. Will be memorized and not written down
    5. Will not be stored electronically in any computer files
    6. Will not consist of personal ID data or be easy to guess
    7. If compromised or potentially compromised, passwords should be changed immediately. The user should also contact the System Security Contact via telephone or email.
  11. Submission of this form indicates that I have read, understand and will comply with these rules. I further understand that failure to abide by these rules may constitute grounds for termination of access privileges, administrative action and/or civil or criminal prosecution.
  12. Failure to adhere to these rules may constitute grounds for termination of access privileges, administrative action and/or civil or criminal prosecution.


I HAVE READ AND UNDERSTAND THE RULES OF BEHAVIOR FOR THE USE OF THE ACQUISITION PLANNING WIZARD (APW) SYSTEM AND AGREE TO ABIDE BY THEM.

I fully understand my responsibilities as a user of this system/network.

I acknowledge receipt of, understand my responsibilities, and will comply with the rules of behavior for the Acquisition Planning Wizard (APW).