Common use of SECURITY & OPSEC Clause in Contracts

SECURITY & OPSEC. All PAH shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting when applicable. Covered Defense Information (CDI) will be identified at the Project Agreement level. The MCDC Member shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting, which includes implementing on its covered contractor information systems the security requirements specified by DFARS 252.204-7012. Nothing in this paragraph shall be interpreted to foreclose the MCDC Member's right to seek alternate means of complying with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (as contemplated in DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) (Oct 2016) and DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting (Oct 2016)). Work performed by a PAH under a Project Agreement may involve access to Controlled Unclassified Information (CUI). All Controlled Unclassified Information (CUI) developed under this Agreement will be managed in accordance with DoD Manual 5200.01, Volume 4 dated February 24, 2012. Contractor personnel shall comply with applicable Technology Protection Plans (TPP), Interim Program Protection Plans (IPPP) and/or Program Protection Plans (PPP). If a project involves a Controlled Unclassified Information (CUI) effort, the below listed Department of Defense Directives, Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS), and ARDEC clauses will be incorporated into the Project Agreements by reference with the same force and effect as if they were given in full text. (1) Each project Scope of Work will be provided by the Agreements Officer Representative (AOR) to the Joint Project Manager- Medical Countermeasure Systems Office for dissemination to the appropriate Fort Xxxxxxx COMSEC officer prior to award for review. (2) Each project Scope of Work will be subject to Ft. Xxxxxxx policy and procedure according to DoD 5220.22- M, (National Industrial Security Program Operating Manual, NISPOM), as deemed applicable and appropriate during the security review process and prior to award. Additional COMSEC requirements may be required at other locations/facilities (based on service/command requirements). (3) Specific applicable policies, instructions, and regulations will be identified in each project. Throughout the life of the Agreement, if any policy, instruction, or regulation is replaced or superseded, the replacement or superseding version shall apply. The following is a snapshot of key regulatory documents, policies, regulations, etc. that may be applicable at time of project award. a) DoDM 5200.01 DoD Information Security Program, 24 Feb 12 b) DoD 5200.2-R Personnel Security Regulation, Jan 87 c) XxXX 5220.22 National Industrial Security Program, 28 Feb 06 d) XxXX 5200.01, Information Security Program and Protection of Sensitive Compartmented Information, 24 Feb 2012

SECURITY & OPSEC. ​ All PAH shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting when applicable. ​ Covered Defense Information (CDI) will be identified at the Project Agreement level. The MCDC Member shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting, which includes implementing on its covered contractor information systems the security requirements specified by DFARS 252.204-7012. Nothing in this paragraph shall be interpreted to foreclose the MCDC Member's right to seek alternate means of complying with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (as contemplated in DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) (Oct 2016) and DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting (Oct 2016)). Work performed by a PAH under a Project Agreement may involve access to Controlled Unclassified Information (CUI). All Controlled Unclassified Information (CUI) developed under this Agreement will be managed in accordance with DoD Manual 5200.01, Volume 4 dated February 24, 2012. Contractor personnel shall comply with applicable Technology Protection Plans (TPP), Interim Program Protection Plans (IPPP) and/or Program Protection Plans (PPP). If a project involves a Controlled Unclassified Information (CUI) effort, the below listed Department of Defense Directives, Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS), and ARDEC clauses will be incorporated into the Project Agreements by reference with the same force and effect as if they were given in full text. (1) Each project Scope of Work will be provided by the Agreements Officer Representative (AOR) to the Joint Project Manager- Medical Countermeasure Systems Office for dissemination to the appropriate Fort Xxxxxxx COMSEC officer prior to award for review. (2) Each project Scope of Work will be subject to Ft. Xxxxxxx policy and procedure according to DoD 5220.22- M, (National Industrial Security Program Operating Manual, NISPOM), as deemed applicable and appropriate during the security review process and prior to award. Additional COMSEC requirements may be required at other locations/facilities (based on service/command requirements). (3) Specific applicable policies, instructions, and regulations will be identified in each project. Throughout the life of the Agreement, if any policy, instruction, or regulation is replaced or superseded, the replacement or superseding version shall apply. The following is a snapshot of key regulatory documents, policies, regulations, etc. that may be applicable at time of project award. a) DoDM 5200.01 DoD Information Security Program, 24 Feb 12 b) DoD 5200.2-R Personnel Security Regulation, Jan 87 c) XxXX 5220.22 National Industrial Security Program, 28 Feb 06 d) XxXX 5200.01, Information Security Program and Protection of Sensitive Compartmented Information, 24 Feb 2012