Amendment Of Solicitation/modification Of Contract Page 36
ADVERTISEMENT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40CONTRACT NO.
DELIVERY ORDER NO.
AMENDMENT/MODIFICATION NO.
PAGE
FINAL
N00178-14-D-7635
M801
02
34 of 38
hours of discovery of any cyber incident, as described in paragraph (d)(2) of this clause, that affects
unclassified controlled technical information resident on or transiting through the Contractor’s
unclassified information systems:
(i) Data Universal Numbering System (DUNS).
(ii) Contract numbers affected unless all contracts by the company are affected.
(iii) Facility CAGE code if the location of the event is different than the prime
Contractor location.
(iv) Point of contact if different than the POC recorded in the System for Award
Management (address, position, telephone, email).
(v) Contracting Officer point of contact (address, position, telephone, email).
(vi) Contract clearance level.
(vii) Name of subcontractor and CAGE code if this was an incident on a
Sub-
contractor network.
(viii) DoD programs, platforms or systems involved.
(ix) Location(s) of compromise.
(x) Date incident discovered.
(xi) Type of compromise (e.g., unauthorized access, inadvertent release, other).
(xii) Description of technical information compromised.
(xiii) Any additional information relevant to the information compromise.
(2) Reportable cyber incidents. Reportable cyber incidents include the following:
(i) A cyber incident involving possible exfiltration, manipulation, or other loss or
compromise of any unclassified controlled technical information resident on or transiting through
Contractor’s, or its subcontractors’, unclassified information systems.
(ii) Any other activities not included in paragraph (d)(2)(i) of this clause that allow
unauthorized access to the Contractor’s unclassified information system on which unclassified
controlled technical information is resident on or transiting.
(3) Other reporting requirements. This reporting in no way abrogates the Contractor’s
responsibility for additional safeguarding and cyber incident reporting requirements pertaining to its
unclassified information systems under other clauses that may apply to its contract, or as a result of
other U.S. Government legislative and regulatory requirements that may apply (e.g., as cited in
paragraph (c) of this clause).
(4) Contractor actions to support DoD damage assessment. In response to the reported
cyber incident, the Contractor shall—
(i) Conduct further review of its unclassified network for evidence of compromise
resulting from a cyber incident to include, but is not limited to, identifying compromised computers,
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Business