USAID 752.239-72 USAID-Financed Project Websites. Basic (May 2024) (Current)

As prescribed in AIDAR 739.106(d), Contracting officers must insert the clause at 752.239–72, USAID-Financed Project websites, in solicitations and contracts fully or partially funded with program funds.

USAID-Financed Project Websites. (MAY 2024)

(a) Definitions. As used in this contract:

Project Website means a website that is:

      (1) funded under this contract;

      (2) hosted outside of a Federal Government domain (i.e., ".gov");

      (3) operated exclusively by the Contractor, who is responsible for all website content, operations and management, information security, and disposition of the website;

      (4) not operated by or on behalf of USAID; and

      (5) does not provide official USAID communications, information, or services.

(b) Requirements. The Contractor must adhere to the following requirements when developing, launching, or maintaining a Project Website:

      (1) Domain name. The domain name of the website must not contain the term "USAID". The domain name must be registered in the Contractor's business name with the relevant domain registrar on the relevant domain name registry.

      (2) Information to be collected. In the website, the Contractor may collect only the amount of information necessary to complete the specific business need. The Contractor must not collect or store privacy information that is unnecessary for the website to operate, or is prohibited by statute, regulation, or Executive Order.

      (3) Disclaimer. The website must be marked on the index page of the site and every major entry point to the website with a disclaimer that states: "The information provided on this website is not official U.S. Government information and does not represent the views or positions of the U.S. Agency for International Development or the U.S. Government."

      (4) Accessibility. To comply with the requirements of the Section 508 of the Rehabilitation Act, as amended (29 U.S.C. 794d), the Contractor must ensure the website meets all applicable accessibility standards ("Web-based intranet and internet information and applications") at 36 CFR part 1194, Appendix D.

      (5) Information security: The Contractor is solely responsible for the information security of the website. This includes incident response activities as well as all security safeguards, including adequate protection from unauthorized access, alteration, disclosure, or misuse of information collected, processed, stored, transmitted, or published on the website. The Contractor must minimize and mitigate security risks, promote the integrity and availability of website information, and use state-of-the-art: system/software management; engineering and development; event logging; and secure-coding practices that are equal to or better than USAID standards and information security best practices. Rigorous security safeguards, including but not limited to, virus protection; network intrusion detection and prevention programs; and vulnerability management systems must be implemented and critical security issues must be resolved within 30 calendar days.

(c) Disposition. At least 120 days prior to the contract end date, unless otherwise approved by the Contracting Officer, the Contractor must submit for the Contracting Officer's approval a disposition plan that addresses how any Project Website funded under this contract will be transitioned to another entity or decommissioned and archived. If the website will be transitioned to another entity, the disposition plan must provide details on the Contractor's proposed approach for the transfer of associated electronic records, technical documentation regarding the website's development and maintenance, and event logs. Prior to the end of the contract, the Contractor must comply with the disposition plan approved by the Contracting Officer.

(d) Subcontracts. The Contractor must insert this clause in all subcontracts that involve the development, launch, or maintenance of a Project Website. The Contractor is responsible for the submission of any information as required under paragraphs (b) and (c) of this clause.

(End of clause)


Mandatory (Exception);
IT ✔ 

52.204-21 Basic Safeguarding of Covered Contractor Information Systems.

52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities.

52.204-28 Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts.

52.204-29 Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures.

52.204-30 Federal Acquisition Supply Chain Security Act Orders-Prohibition.

52.204-27 Prohibition on a ByteDance Covered Application.

252.204-7016 Covered Defense Telecommunications Equipment or Services-Representation.

252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services—Representation.

252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.

252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.

252.204-7020 NIST SP 800-171 DoD Assessment Requirements.

252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.

252.204-7000 Disclosure of Information.

252.204-7008 Compliance with Safeguarding Covered Defense Information Controls.

252.204-7009 Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.

252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

252.239-7000 Protection Against Compromising Emanations.

252.239-7009 Representation of Use of Cloud Computing.

252.239-7010 Cloud Computing Services.

252.239-7017 Notice of Supply Chain Risk.

252.239-7018 Supply Chain Risk.

252.245-7000 Government-Furnished Mapping, Charting, and Geodesy Property.

252.246-7007 Contractor Counterfeit Electronic Part Detection and Avoidance System.

1852.246-74 Contractor Counterfeit Electronic Part Detection and Avoidance

3052.204-72 Safeguarding of Controlled Unclassified Information.

3052.204-73 Notification and Credit Monitoring Requirements for Personally Identifiable Information Incidents.

3052.204-71 Contractor employee access.

552.204-9 Personal Identity Verification Requirements.

552.239-70 Information Technology Security Plan and Security Authorization.

552.239-71 Security Requirements for Unclassified Information Technology Resources.

552.238-110 Commercial Satellite Communication (COMSATCOM) Services.

652.239-70 Information Technology Security Plan and Accreditation.

652.239-71 Security Requirements for Unclassified Information Technology Resources.

752.204-72 Access to USAID facilities and USAID's information systems.

752.239-70 Information Technology Authorization.

752.227-71 Planning, Collection, and Submission of Digital Information to USAID.

970.5203-1 Management controls.

970.5204-1 Counterintelligence.

970.5204-3 Access to and ownership of records.

952.204-77 Computer security.

952.223-76 Conditional payment of fee or profit-safeguarding restricted data and other classified information and protection of worker safety and health.

Working with a set of FAR clauses from an RFP or contract?

Try pasting them into our tool to instantly generate a risk profile, including the basic flow down recommendation.


Works best with Chrome and Edge browsers!