DOE 952.204-77 Computer security. Basic (Aug 2006) (Current)

As prescribed in 904.404(d)(6), this clause is required in contracts in which the contractor may have access to computers owned, leased or operated on behalf of the Department of Energy.

Computer Security (AUG 2006)

(a) Definitions. (1) Computer means desktop computers, portable computers, computer networks (including the DOE Network and local area networks at or controlled by DOE organizations), network devices, automated information systems, and or other related computer equipment owned by, leased, or operated on behalf of the DOE.

(2) Individual means a DOE Contractor or subcontractor employee, or any other person who has been granted access to a DOE computer or to information on a DOE computer, and does not include a member of the public who sends an e-mail message to a DOE computer or who obtains information available to the public on DOE Web sites.

(b) Access to DOE computers. A Contractor shall not allow an individual to have access to information on a DOE computer unless—

(1) The individual has acknowledged in writing that the individual has no expectation of privacy in the use of a DOE computer; and

(2) The individual has consented in writing to permit access by an authorized investigative agency to any DOE computer used during the period of that individual's access to information on a DOE computer, and for a period of three years thereafter.

(c) No expectation of privacy. Notwithstanding any other provision of law (including any provision of law enacted by the Electronic Communications Privacy Act of 1986), no individual using a DOE computer shall have any expectation of privacy in the use of that computer.

(d) Written records. The Contractor is responsible for maintaining written records for itself and subcontractors demonstrating compliance with the provisions of paragraph (b) of this section. The Contractor agrees to provide access to these records to the DOE, or its authorized agents, upon request.

(e) Subcontracts. The Contractor shall insert this clause, including this paragraph (e), in subcontracts under this contract that may provide access to computers owned, leased or operated on behalf of the DOE.

(End of clause)
 

(e) Subcontracts. The Contractor shall insert this clause, including this paragraph (e), in subcontracts under this contract that may provide access to computers owned, leased or operated on behalf of the DOE.

Mandatory (Exception);
(Applies to contracts that may provide access to computers owned, leased or operated on behalf of the DOE.)

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.239-7010 Cloud Computing Services.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System.

3052.204-70 Security requirements for unclassified information technology resources.

3052.204-71 Contractor employee access.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.204-9 Personal Identity Verification Requirements.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

552.204-9 Personal Identity Verification Requirements.

752.204-72 Access to USAID facilities and USAID's information systems.

952.223-76 Conditional payment of fee or profit-safeguarding restricted data and other classified information and protection of worker safety and health.

970.5203-1 Management controls.

970.5204-1 Counterintelligence.

970.5204-3 Access to and ownership of records.

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.

52.204-27 Prohibition on a ByteDance Covered Application.

52.204-28 Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.

52.204-29 Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures.

52.204-30 Federal Acquisition Supply Chain Security Act Orders-Prohibition.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7016 Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services—Representation.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7000 Disclosure of Information.

252.204-7008 Compliance with Safeguarding Covered Defense Information Controls.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.239-7000 Protection Against Compromising Emanations.

252.239-7009 Representation of Use of Cloud Computing.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.245-7000 Government-Furnished Mapping, Charting, and Geodesy Property.

252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System.

1852.246-74 Contractor Counterfeit Electronic Part Detection and Avoidance

3052.204-72 Safeguarding of Controlled Unclassified Information.

3052.204-73 Notification and Credit Monitoring Requirements for Personally Identifiable Information Incidents.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.239-70 Information Technology Security Plan and Security Authorization.

552.239-71 Security Requirements for Unclassified Information Technology Resources.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

652.239-70 Information Technology Security Plan and Accreditation.

652.239-71 Security Requirements for Unclassified Information Technology Resources.

752.239-70 Information Technology Authorization.

752.239-72 USAID-Financed Project Websites.

752.227-71 Planning, Collection, and Submission of Digital Information to USAID.

752.204-72 Access to USAID facilities and USAID's information systems.

970.5203-1 Management controls.

970.5204-3 Access to and ownership of records.

952.204-78 DOE Directives.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.

Info

Works best with Chrome and Edge browsers!