The Wifcon Forums and Blogs
Puzzled

Privacy & Security Safeguards Reporting?


Hello. Can anyone help me understand what the phrases "new or unanticipated threats or hazards" and "existing safeguards have ceased to function" mean in FAR 52.239-1(c)? I'm trying to understand this disclosure obligation as it applies to COTS software. I haven't been able to find any guidance on what those clauses mean or what would trigger the disclosure. Thanks.

 

FAR 39.106 Contract clause.

The contracting officer shall insert a clause substantially the same as the clause at 52.239-1, Privacy or Security Safeguards, in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial information technology services or support services.

52.239-1 PRIVACY OR SECURITY SAFEGUARDS (AUG 1996)

(a) The Contractor shall not publish or disclose in any manner, without the Contracting Officer's written consent, the details of any safeguards either designed or developed by the Contractor under this contract or otherwise provided by the Government.

(b) To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of Government data, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases.

(c) If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party.


FAR 52.204-21 can give you a flavor for what "safeguards" might mean in 52.239-1, even if 52.204-21 is not included in the contract... more research needed.

On 4/10/2019 at 10:35 AM, Puzzled said:

 I'm trying to understand this disclosure obligation as it applies to COTS software. I haven't been able to find any guidance on what those clauses mean or what would trigger the disclosure.

To clarify, Puzzled, your company is the prime contractor and your company is required to provide COTS software to the Government as its end item, which your company designed and developed?

 
