Amendment Of Solicitation/modification Of Contract Page 34

CONTRACT NO.: N00178-14-D-7635
DELIVERY ORDER NO.: M801
AMENDMENT/MODIFICATION NO.: 02
PAGE: 32 of 38
FINAL

“Exfiltration” means any unauthorized release of data from within an information system. This
includes copying the data through covert network channels or the copying of data to unauthorized
media.
“Media” means physical devices or writing surfaces including, but is not limited to, magnetic tapes,
optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which
information is recorded, stored, or printed within an information system.
“Technical information” means technical data or computer software, as those terms are defined in
the clause at DFARS 252.227-7013, Rights in Technical Data-Non Commercial Items, regardless of
whether or not the clause is incorporated in this solicitation or contract. Examples of technical
information include research and engineering data, engineering drawings, and associated lists,
specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item
identifications, data sets, studies and analyses and related information, and computer software
executable code and source code.
(b) Safeguarding requirements and procedures for unclassified controlled technical information.
The Contractor shall provide adequate security to safeguard unclassified controlled technical
information from compromise. To provide adequate security, the Contractor shall—
(1) Implement information systems security in its project, enterprise, or company-wide
unclassified information technology system(s) that may have unclassified controlled technical
information resident on or transiting through them. The information systems security program shall
implement, at a minimum—
(i) The specified National Institute of Standards and Technology (NIST) Special
Publication (SP) 800-53 security controls identified in the following table; or
(ii) If a NIST control is not implemented, the Contractor shall submit to the
Contracting Officer a written explanation of how—
(A) The required security control identified in the following table is not applicable;
or
(B) An alternative control or protective measure is used to achieve equivalent
protection.
(2) Apply other information systems security requirements when the Contractor reasonably
determines that information systems security measures, in addition to those identified in paragraph
(b)(1) of this clause, may be required to provide adequate security in a dynamic environment based on
an assessed risk or vulnerability.
Table 1 -- Minimum Security Controls for Safeguarding
Minimum required security controls for unclassified controlled technical information requiring
safeguarding in accordance with paragraph (d) of this clause. (A description of the security controls is
in the NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and
Organizations” ( ).)
Access
Audit &
Identification and
Media Protection
System &
