Common use of SECURITY & OPSEC Clause in Contracts

SECURITY & OPSEC. All PAH shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting when applicable. Covered Defense Information (CDI) will be identified at the Project Agreement level. The MCDC Member shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting, which includes implementing on its covered contractor information systems the security requirements specified by DFARS 252.204-7012. Nothing in this paragraph shall be interpreted to foreclose the MCDC Member's right to seek alternate means of complying with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (as contemplated in DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) (Oct 2016) and DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting (Oct 2016)). Work performed by a PAH under a Project Agreement may involve access to Controlled Unclassified Information (CUI). All Controlled Unclassified Information (CUI) developed under this Agreement will be managed in accordance with DoD Manual 5200.01, Volume 4 dated February 24, 2012. Contractor personnel shall comply with applicable Technology Protection Plans (TPP), Interim Program Protection Plans (IPPP) and/or Program Protection Plans (PPP). If a project involves a Controlled Unclassified Information (CUI) effort, the below listed Department of Defense Directives, Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS), and ARDEC clauses will be incorporated into the Project Agreements by reference with the same force and effect as if they were given in full text.

SECURITY & OPSEC. ​ All PAH shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting when applicable. ​ Covered Defense Information (CDI) will be identified at the Project Agreement level. The MCDC Member shall comply with DFARS 252.204-7012 (Oct 2016): Safeguarding Covered Defense Information and Cyber Incident Reporting, which includes implementing on its covered contractor information systems the security requirements specified by DFARS 252.204-7012. Nothing in this paragraph shall be interpreted to foreclose the MCDC Member's right to seek alternate means of complying with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (as contemplated in DFARS 252.204-7008 (Compliance with Safeguarding Covered Defense Information Controls) (Oct 2016) and DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting (Oct 2016)). Work performed by a PAH under a Project Agreement may involve access to Controlled Unclassified Information (CUI). All Controlled Unclassified Information (CUI) developed under this Agreement will be managed in accordance with DoD Manual 5200.01, Volume 4 dated February 24, 2012. Contractor personnel shall comply with applicable Technology Protection Plans (TPP), Interim Program Protection Plans (IPPP) and/or Program Protection Plans (PPP). If a project involves a Controlled Unclassified Information (CUI) effort, the below listed Department of Defense Directives, Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS), and ARDEC clauses will be incorporated into the Project Agreements by reference with the same force and effect as if they were given in full text.