NASA 1852.204-76 Security Requirements for Unclassified Information Technology Resources. Basic (JAN 2011) (Current)

As prescribed in 1804.470-4,

(a) insert the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources, in all solicitations and awards when contract performance requires contractors to—

    (1) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or

    (2) Use information systems to generate, store, process, or exchange data with NASA or on behalf of NASA, regardless of whether the data resides on a NASA or a contractor's information system.

(b) Parts of the clause and referenced ADL may be waived by the contracting officer if the contractor's ongoing IT security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect at time of award. The current version of NPR 2810.1 is referenced in the ADL. The contractor shall submit a written waiver request to the Contracting Officer within 30 days of award. The waiver request will be reviewed by the Center IT Security Manager. If approved, the Contractor Officer will notify the contractor, by contract modification, which parts of the clause or provisions of the ADL are waived.

SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES

(JAN 2011)

(a)  The contractor shall protect the confidentiality, integrity, and availability of NASA Electronic Information and IT resources and protect NASA Electronic Information from unauthorized disclosure.

(b)  This clause is applicable to all NASA contractors and sub-contractors that process, manage, access, or store unclassified electronic information, to include Sensitive But Unclassified (SBU) information, for NASA in support of NASA's missions, programs, projects and/or institutional requirements.  Applicable requirements, regulations, policies, and guidelines

are identified in the Applicable Documents List (ADL) provided as an attachment to the contract. The documents listed in the ADL can be found at: http://www.nasa.gov/offices/ocio/itsecurity/index.html.  For policy information considered sensitive, the documents will be identified as such in the ADL and made available through the Contracting Officer.

(c) Definitions.

    (1)  IT resources means any hardware or software or interconnected system or subsystem of equipment, that is used to process, manage, access, or store electronic information.

    (2)  NASA Electronic Information is any data (as defined in the Rights in Data clause of this contract) or information (including information incidental to contract administration, such as financial, administrative, cost or pricing, or management information) that is processed, managed, accessed or stored on an IT system(s) in the performance of a NASA contract.

    (3)  IT Security Management Plan. This plan shall describe the processes and procedures that will be followed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. Unlike the IT security plan, which addresses the IT system, the IT Security Management Plan addresses how the contractor will manage personnel and processes associated with IT Security on the instant contract.

    (4)  IT Security Plan.  This is a FISMA requirement; see the ADL for applicable requirements.  The IT Security Plan is specific to the IT System and not the contract. Within 30 days after award, the contractor shall develop and deliver an IT Security Management Plan to the Contracting Officer; the approval authority will be included in the ADL.  All contractor

personnel requiring physical or logical access to NASA IT resources must complete NASA's annual IT Security Awareness training.  Refer to the IT Training policy located in the IT Security Web site at https://itsecurity.nasa.gov/policies/index.html.

(d)  The contractor shall afford Government access to the Contractor's and subcontractors' facilities, installations, operations, documentation, databases, and personnel used in performance of the contract.  Access shall be provided to the extent required to carry out a program of IT inspection (to include vulnerability testing), investigation and audit to safeguard against threats and hazards to the integrity, availability, and confidentiality of NASA Electronic Information or to the function of IT systems operated on behalf of NASA, and to preserve evidence of computer crime.

(e)  At the completion of the contract, the contractor shall return all NASA information and IT resources provided to the contractor during the performance of the contract in accordance with retention documentation available in the ADL.  The contractor shall provide a listing of all NASA Electronic information and IT resources generated in performance of the contract.  At that time, the contractor shall request disposition instructions from the Contracting Officer.  The Contracting Officer will provide disposition instructions within 30 calendar days of the contractor's request.  Parts of the clause and referenced ADL may be waived by the contracting officer, if the contractor's ongoing IT security program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect at time of award.  The current version of NPR 2810.1 is referenced in the ADL.  The contractor shall submit a written waiver request to

the Contracting Officer within 30 days of award.  The waiver request will be reviewed by the Center IT Security Manager. If approved, the Contractor Officer will notify the contractor, by contract modification, which parts of the clause or provisions of the ADL are waived.

(f)  The contractor shall insert this clause, including this paragraph in all subcontracts that process, manage, access or store NASA Electronic Information in support of the mission of the Agency.

(End of clause)

(f) The contractor shall insert this clause, including this paragraph in all subcontracts that process, manage, access or store NASA Electronic Information in support of the mission of the Agency.

Mandatory (Exception);
  NASA 1812.301  (Applies to subcontractors that process, manage, access or store NASA Electronic Information in support of the mission of the Agency.)

52.203-16 Preventing Personal Conflicts of Interest.

52.209-3 First Article Approval—Contractor Testing.

52.209-4 First Article Approval—Government Testing.

52.212-3 Offeror Representations and Certifications—Commercial Items.

52.215-17 Waiver of Facilities Capital Cost of Money.

52.219-18 Notification of Competition Limited to Eligible 8(a) Participants

52.219-4 Notice of Price Evaluation Preference for HUBZone Small Business Concerns.

52.219-6 Notice of Total Small Business Set-Aside.

52.219-7 Notice of Partial Small Business Set-Aside.

52.222-36 Equal Opportunity for Workers with Disabilities.

52.225-7 Waiver of Buy American Statute for Civil Aircraft and Related Articles.

52.227-5 Waiver of Indemnity.

52.228-15 Performance and Payment Bonds—Construction.

52.228-4 Workers’ Compensation and War-Hazard Insurance Overseas.

52.232-12 Advance Payments.

52.234-4 Earned Value Management System.

52.237-8 Restriction on Severance Payments to Foreign Nationals.

52.237-9 Waiver of Limitation on Severance Payments to Foreign Nationals.

52.209-13 Violation of Arms Control Treaties or Agreements-Certification.

252.215-7010 Requirements for Certified Cost or Pricing Data and Data Other Than Certified Cost or Pricing Data.

252.203-7001 Prohibition on Persons Convicted of Fraud or Other Defense Contract-Related Felonies.

252.225-7016 Restriction on Acquisition of Ball and Roller Bearings.

252.225-7019 Restriction on Acquisition of Anchor and Mooring Chain.

252.225-7032 Waiver of United Kingdom Levies—Evaluation of Offers.

252.225-7033 Waiver of United Kingdom Levies.

252.225-7037 Evaluation of Offers for Air Circuit Breakers.

252.242-7005 Contractor Business Systems.

252.247-7023 Transportation of Supplies by Sea.

1852.227-70 New Technology-Other than a Small Business Firm or Nonprofit Organization.

1852.227-71 Requests for Waiver of Rights to Inventions.

1852.227-88 Government-furnished computer software and related technical data.

1852.228-76 Cross-Waiver of Liability for International Space Station Activities.

1852.228-78 Cross-Waiver of Liability for Science or Space Exploration Activities Unrelated to the International Space Station.

1852.234-2 Earned Value Management System.

1852.245-78 Physical inventory of capital personal property

5252.204-9503 Expediting Contract Closeout (NAVAIR)

5252.209-9513 ORGANIZATIONAL CONFLICT OF INTEREST INSTRUCTIONS (SERVICES) (NAVAIR)

5252.209-9510 ORGANIZATIONAL CONFLICTS OF INTEREST (SERVICES) (NAVAIR)(MAR 2007)

3052.209-70 Prohibition on contracts with corporate expatriates

5152.225-5902 Fitness for Duty and Medical/Dental Care Limitations

652.228-71 Worker’s Compensation Insurance (Defense Base Act) - Services.

752.231-71 Salary supplements for HG employees.

952.209-72 Organizational conflicts of interest.

952.227-84 Notice of right to request patent waiver.

952.250-70 Nuclear hazards indemnity agreement.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.

Info

Works best with Chrome and Edge browsers!