Confidentiality, Security, and Privacy
In accordance with the Federal Acquisitions Regulations (FAR) clause 52.239-1, the Contractor
shall be responsible for the following privacy and security safeguards:
(a) The Contractor shall not publish or disclose in any manner, without the Contracting
Officer’s written consent, the details of any safeguards used by the Contractor under the
resulting contract or otherwise provided by or for the government.
(b) To the extent required to carry out a program of inspection to safeguard against threats and
hazards to the security, integrity, and confidentiality of any non-public government data
collected and stored by the Contractor, the Contractor shall afford the government access to
the Contractor’s facilities, installations, technical capabilities, operations, documentation,
records, and databases.
(c) If new or unanticipated threats or hazards are discovered by either the government or the
Contractor, or if existing safeguards have ceased to function, the discoverer shall
immediately bring the situation to the attention of the other party.
(d) The Offeror's solution must comply with the AGENCY NAME CIO IT Security Procedural
Guide CIO-IT Security-09-48, Security Language for IT Acquisition Efforts (see
Attachment 2) as required for a Moderate Impact system.
(e) Work on this project may require or allow contractor personnel access to Privacy
Information. Personnel shall adhere to the Privacy Act, Title 5 of the U.S. Code, Section
552a and applicable agency rules and regulations.
(f) All data at rest will reside within the contiguous United States, the District of Columbia, and
Alaska (CONUS) with a minimum of two data center facilities at two different and distant
geographic locations