Jump to content

Privacy & Security Safeguards Reporting?


Puzzled

Recommended Posts

Hello. Can anyone help me understand what the phrases "new or unanticipated threats or hazards" and "existing safeguards have ceased to function" mean in FAR 52.239-1(c)? I'm trying to understand this disclosure obligation as it applies to COTS software. I haven't been able to find any guidance on what those clauses mean or what would trigger the disclosure. Thanks.

 

FAR 39.106 Contract clause.

The contracting officer shall insert a clause substantially the same as the clause at 52.239-1 , Privacy or Security Safeguards, in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial information technology services or support services.

52.239-1 PRIVACY OR SECURITY SAFEGUARDS (AUG 1996)

(a) The Contractor shall not publish or disclose in any manner, without the Contracting Officer's written consent, the details of any safeguards either designed or developed by the Contractor under this contract or otherwise provided by the Government.

(b) To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of Government data, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases.

(c) If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party.

Link to comment
Share on other sites

On 4/10/2019 at 10:35 AM, Puzzled said:

 I'm trying to understand this disclosure obligation as it applies to COTS software. I haven't been able to find any guidance on what those clauses mean or what would trigger the disclosure.

To clarify, Puzzled, your company is the prime contractor and your company is required to provide COTS software to the Government as its end item, which your company designed and developed?

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...