Current through October 31, 2024
Section 1252.239-72 - Compliance with Safeguarding DOT Sensitive Data ControlsAs prescribed in TAR 1239.7003(a), insert the following clause:
Compliance With Safeguarding DOT Senitive Data Controls (NOV 2022)
(a) The Contractor shall implement security requirements contained in clause 1252.239-74, Safeguarding DOT Sensitive Data and Cyber Incident Reporting, for all DOT sensitive data on all Contractor information systems that support the performance of this contract.(b) Contractor information systems not part of an information technology service or system operated on behalf of the Government as part of this contract are not subject to the provisions of this clause.(c) By submission of this offer, the Offeror represents that it will implement the security requirements specified by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Revision 2, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations" at https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final that are in effect at the time the solicitation is issued or as authorized by the contracting officer.(d) If the Offeror proposes to vary from any security requirements specified by NIST SP 800-171, Rev. 2 in effect at the time the solicitation is issued or as authorized by the Contracting Officer, the Offeror shall submit to the Contracting Officer, for consideration by the DOT Chief Information Officer (CIO), a written explanation of-(1) Why a particular security requirement is not applicable; or(2) How the Contractor will use an alternative, but equally effective, security measure to satisfy the requirements of NIST SP 800-171, Rev. 2.(e) The Office of the DOT CIO will evaluate offeror requests to vary from NIST SP 800-171, Rev. 2 requirements and inform the Offeror in writing of its decision before contract award. The Contracting Officer will incorporate accepted variance(s) from NIST SP 800-171, Rev. 2 into any resulting contract.(End of clause)