NAVY 5252.237-9603 Required Information Assurance and Personnel Security Requirements for Accessing Government Information Systems and Nonpublic Information Basic (Aug 2011) (Current)

This clause has not been authorized for official release. We recommend deferring to the text of the clause in your RFP or contract.

(a) Definition. As used in this clause, “sensitive information” includes:

    (i) All types and forms of confidential business information, including financial information relating to a contractor’s pricing, rates, or costs, and program information relating to current or estimated budgets or schedules;

    (ii) Source selection information, including bid and proposal information as defined in FAR 2.101 and FAR 3.104-4, and other information prohibited from disclosure by the Procurement Integrity Act (41 USC 423);

    (iii) Information properly marked as “business confidential,” “proprietary,” “procurement sensitive,” “source selection sensitive,” or other similar markings;

    (iv) Other information designated as sensitive by the Space and Naval Warfare Systems Command (SPAWAR).

(b) In the performance of the contract, the Contractor may receive or have access to information, including information in Government Information Systems and secure websites. Accessed information may include “sensitive information” or other information not previously made available to the public that would be competitively useful on current or future related procurements.

(c) Contractors are obligated to protect and safeguard from unauthorized disclosure all sensitive information to which they receive access in the performance of the contract, whether the information comes from the Government or from third parties. The Contractor shall—

    (i) Utilize accessed information and limit access to authorized users only for the purposes of performing the services as required by the contract, and not for any other purpose unless authorized;

    (ii) Safeguard accessed information from unauthorized use and disclosure, and not discuss, divulge, or disclose any accessed information to any person or entity except those persons authorized to receive the information as required by the contract or as authorized by Federal statute, law, or regulation;

    (iii) Inform authorized users requiring access in the performance of the contract regarding their obligation to utilize information only for the purposes specified in the contact and to safeguard information from unauthorized use and disclosure.

    (iv) Execute a “Contractor Access to Information Non-Disclosure Agreement,” and obtain and submit to the Contracting Officer a signed “Contractor Employee Access to Information Non-Disclosure Agreement” for each employee prior to assignment;

    (v) Notify the Contracting Officer in writing of any violation of the requirements in (i) through (iv) above as soon as the violation is identified, no later than 24 hours. The notice shall include a description of the violation and the proposed actions to be taken, and shall include the business organization, other entity, or individual to whom the information was divulged.

(d) In the event that the Contractor inadvertently accesses or receives any information marked as “proprietary,” “procurement sensitive,” or “source selection sensitive,” or that, even if not properly marked otherwise indicates the Contractor may not be authorized to access such information, the Contractor shall (i) Notify the Contracting Officer; and (ii) Refrain from any further access until authorized in writing by the Contracting Officer.

(e) The requirements of this clause are in addition to any existing or subsequent Organizational Conflicts of Interest (OCI) requirements which may also be included in the contract, and are in addition to any personnel security or Information Assurance requirements, including Systems Authorization Access Request (SAAR-N), DD Form 2875, Annual Information Assurance (IA) training certificate, SF85P, or other forms that may be required for access to Government Information Systems.

(f) Subcontracts. The Contractor shall insert paragraphs (a) through (f) of this clause in all subcontracts that may require access to sensitive information in the performance of the contract.

(g) Mitigation Plan. If requested by the Contracting Officer, the contractor shall submit, within 45 calendar days following execution of the “Contractor Non-Disclosure Agreement,” a mitigation plan for Government approval, which shall be incorporated into the contract. At a minimum, the mitigation plan shall identify the Contractor’s plan to implement the requirements of paragraph (c) above and shall include the use of a firewall to separate Contractor personnel requiring access to information in the performance of the contract from other Contractor personnel to ensure that the Contractor does not obtain any unfair competitive advantage with respect to any future Government requirements due to unequal access to information. A “firewall” may consist of organizational and physical separation; facility and workspace access restrictions; information system access restrictions; and other data security measures identified, as appropriate. The Contractor shall respond promptly to all inquiries regarding the mitigation plan. Failure to resolve any outstanding issues or obtain approval of the mitigation plan within 45 calendar days of its submission may result, at a minimum, in rejection of the plan and removal of any system access.

(End of clause)

(f) Subcontracts. The Contractor shall insert paragraphs (a) through (f) of this clause in all subcontracts that may require access to sensitive information in the performance of the contract.

Mandatory (Exception);
(Applies to subcontracts that may require access to sensitive information in the performance of the contract.)

52.203-16 Preventing Personal Conflicts of Interest.

252.209-7006 Limitations on Contractors Acting as Lead System Integrators.

252.209-7007 Prohibited Financial Interests for Lead System Integrators.

252.209-7008 Notice of Prohibition Relating to Organizational Conflict of Interest-Major Defense Acquisition Program.

252.209-7009 Organizational Conflict of Interest-Major Defense Acquisition Program.

1852.209-71 Limitation of Future Contracting.

1852.237-72 Access to Sensitive Information.



5252.209-9201 Organizational Conflict of Interest (Systems Engineering)

5252.209-9202 Organizational Conflict of Interest (Specification Preparation)

5252.209-9203 Organizational Conflict of Interest (Access To Proprietary Information)

5252.209-9205 Organizational Conflict of Interest

5252.209-9206 Employment of Navy Personnel Restricted

5252.227-9207 Limited Release of Contractor Confidential Business Information



3052.209-72 Organizational Conflict of Interest.

3052.209-73 Limitation of future contracting.

3052.209-74 Limitations on Contractors Acting as Lead System Integrators

3052.209-75 Prohibited Financial Interests for Lead System Integrators

5352.209-9000 Organizational Conflict of Interest

5352.209-9001 Potential Organizational Conflict of Interest

752.209-71 Organizational conflicts of interest discovered after award.

952.209-8 Organizational conflicts of interest-disclosure.

952.209-72 Organizational conflicts of interest.

1352.209-70 Potential organizational conflict of interest.

1352.209-71 Limitation of future contracting.

1352.209-74 Organizational conflict of interest.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.


Works best with Chrome and Edge browsers!