Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sample Statement of Work for Federal Computer Security Services: For Use in-House or Contracting Out



D M. Gilbert, N Lynch


Each federal organization is fully responsible for its computer security program whether the security program is performed by in-house staff or contracted out. Time constraints, budget constraints, availability or expertise of staff, and the potential knowledge to be gained by the organization from an experienced contractor are among the reasons a federal organization may wish to get external assistance for some of these complex, labor intensive activities. An interagency working group of federal and private sector security specialists developed this document. The document presents the ideas and experiences of those involved with computer security. It supports the operational field with a set of Statements of Works (SOWs) describing significant computer security activities. While not a substitute for good computer security management, organization staff and government contractors can use these SOWs as a basis for a common understanding of each described activity. The sample SOWs can foster easier access to more consistent, high-quality computer security services. The descriptions apply to contracting for services or obtaining them from within the organization.
NIST Interagency/Internal Report (NISTIR) - 4749
Report Number


Gilbert, D. and Lynch, N. (1991), Sample Statement of Work for Federal Computer Security Services: For Use in-House or Contracting Out, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed July 13, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created December 1, 1991, Updated February 19, 2017