 |
Code of Federal Regulations (Last Updated: April 5, 2024) |
 |
Title 48 - Federal Acquisition Regulations System |
|
Chapter 2 - Defense Acquisition Regulations System, Department of Defense |
|
SubChapter F - Special Categories of Contracting |
|
Part 239 - Acquisition of Information Technology |
|
Subpart 239.71 - Security and Privacy for Computer Systems |
§ 239.7102-1 - General.
-
239.7102-1 General.
(a) Agencies shall ensure that information assurance is provided for information technology in accordance with current policies, procedures, and statutes, to include -
(1) The National Security Act;
(2) The Clinger-Cohen Act;
(3) National Security Telecommunications and Information Systems Security Policy No. 11;
(4) Federal Information Processing Standards;
(5) DoD Directive 8500.1, Information Assurance;
(6) DoD Instruction 8500.2, Information Assurance Implementation;
(7) DoD Directive 8140.01, Cyberspace Workforce Management; and
(8) DoD Manual 8570.01-M, Information Assurance Workforce Improvement Program.
(b) For all acquisitions, the requiring activity is responsible for providing to the contracting officer -
(1) Statements of work, specifications, or statements of objectives that meet information assurance requirements as specified in paragraph (a) of this subsection;
(2) Inspection and acceptance contract requirements; and
(3) A determination as to whether the information technology requires protection against compromising emanations.
[69 FR 35534, June 25, 2004, as amended at 73 FR 1829, Jan. 10, 2008; 75 FR 34946, June 21, 2010; 80 FR 56930, Sept. 21, 2015]