Common use of Federal Information Security Management Act (FISMA Clause in Contracts

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees only when grantees collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees recipients only when grantees recipients collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee recipient retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee recipient is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees Recipients are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees only when grantees collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf xxxx://xxxxxxxxx.xxxxxx.xxx.xxx/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees only when grantees collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf xxxx://xxxxxxxxx.xxxxxx.xxx.xxx/cgi- bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees recipients only when grantees recipients collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee recipient retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee recipient is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees Recipients are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition RegulationsRegulations As promulgated in the Federal Register, the relevant portions of 48 CFR section 3.908 read as

Federal Information Security Management Act (FISMA. All information systems, electronic or hard copy, that contain federal data must be protected from unauthorized access. This standard also applies to information associated with CDC grants. Congress and the OMB have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, PL 107-347. FISMA applies to CDC grantees recipients only when grantees recipients collect, store, process, transmit or use information on behalf of HHS or any of its component organizations. In all other cases, FISMA is not applicable to recipients of grants, including cooperative agreements. Under FISMA, the grantee recipient retains the original data and intellectual property, and is responsible for the security of these data, subject to all applicable laws protecting security, privacy, and research. If/When information collected by a grantee recipient is provided to HHS, responsibility for the protection of the HHS copy of the information is transferred to HHS and it becomes the agency’s responsibility to protect that information and any derivative copies as required by FISMA. For the full text of the requirements under Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347, please review the following website: xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf xxxxx://xxx.xxx.xxx/fdsys/pkg/PLAW- 107publ347/pdf/PLAW-107publ347.pdf Pilot Program for Enhancement of Contractor Employee Whistleblower Protections: Grantees Recipients are hereby given notice that the 48 CFR section 3.908, implementing section 828, entitled “Pilot Program for Enhancement of Contractor Employee Whistleblower Protections,” of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239, enacted January 2, 2013), applies to this award. Federal Acquisition Regulations