Office of Logistics and Acquisition Operations
    
 
Acquisitions
Type of Acquisitions 
Planning and Support 
Purchase Card Program 
Multiple Vehicle Contracts 
Newsletter 
Guides, Policies & Procedures 
Announcements 
FAQs 
Government Property
Transportation
Training
Employee Resources
About OLAO
Vendor Resources

OLAO Home > Acquisitions > Announcements > Simplified Acquisitions
Information Technology Systems Security Requirements for NIH Acquisitions

MEMORANDUM

 

Date:                March 10, 2004

 

From:                Director, Division of Acquisition Programs, OLAO, OA

 

Subject:            Information Technology Systems Security Requirements for NIH Acquisitions

 

To:                    DELPRO Approving and Ordering Officials, Purchase Card Holders, and Purchasing Agents in the Centralized/Decentralized Ordering Offices

 

We have been asked by CIT to remind you of an existing requirement to comply with the Department’s Information Technology systems security requirements whenever you process an acquisition that involves IT where the contractor/vendor will develop or have access to a federal automated information system (AIS).  These requirements include, but are not limited to clerical and secretarial support, computer services, system analyst, computer programmers, website developers and systems maintenance and database support.  In general, anyone developing or having access to an NIH system and IT contractors will need a security clearance.

 

The Computer Security Act of 1987 (P.L. 100-235) was enacted to improve the security of information in federal computer systems and to ensure that information accessed by contractor/vendor employees from federal AISs is adequately safeguarded.  To ensure that all applicable requirements are covered, the Department has implemented this Act such that it encompasses all types of acquisitions, including purchase orders, records of call, and purchase card transactions.

 

If you receive an IT requirement that meets the definition, you should contact your Institute’s ISSO (Information Systems Security Officer).  Their names can be found at http://irm.cit.nih.gov/nihsecurity/scroster.html.  They will guide you through the process to ensure that you assign the appropriate clearance category.  You may also contact Thomas Mitchell, CIT/ODCIO (301-594-2750, tm4d@nih.gov) for further assistance.

 

For additional information, the Department of Health and Human Services (HHS) automated information systems security program (AISSP) is contained in the HHS AISSP Handbook http://irm.cit.nih.gov/policy/aissp.html.  Further guidance is contained in the HHS Personnel Security/Suitability Handbook http://www.hhs.gov/ohr/manual/pssh.pdf,  HHS Instruction 731-1, Personnel Security/Suitability Program http://www.hhs.gov/ohr/manual/98_1.pdf, and CIT’s Security Planning and Assessment (Tables 1-3) website

 http://irm.cit.nih.gov/security/sec_policy.html.

Purchasing Agents in the Centralized/Decentralized Ordering Offices should also be sure that the following clauses are incorporated by reference into their orders as appropriate:

 

·         FAR clause 52.204-2, “Security Requirements” (August 1996), when the acquisition may require contractor/vendor employees to access classified information.  This FAR clause can be accessed at http://www.arnet.gov/far/farqueryframe.html.

·         FAR clause 52-239-1, “Privacy or Security Safeguards” (August 1996), when the acquisition is for IT services requiring security of IT and/or the design, development or operation of a system of records using commercial IT services or support services.  This FAR clause can be accessed at http://www.arnetgov/far/farqueryframe.html.

 

 

                                                                                                Laurie J. Weker

 

 
Simplified Acquisitions
 •9/28/06 Micro-Purchase Threshold Increase
 •Archives - News Flashes
 •Capital Equipment Purchases Exceeding $1M
 •CCR (Central Contractor Registration) Requirements
 •Clause Required for Orders With NIH Contractors Who Use NIH E-Mail Services
 •DCIS Update
 •Discount Validation Process
 •Federal Prison Industries (UNICOR)
 •Information Technology Systems Security Requirements for NIH Acquisitions
 •Invoice and Payment Provisions, dated 9/13/2007
 •Invoice Payment Procedures for Simplified Acquisition Vendors, dated 9/21/2007
 •Manual Chapter 1160-1 Entertainment, Appendix 3 (Light Refreshments)
 •NBS Instructions for Internal Task/Delivery Orders (TODOs) against "D" Type Contracts
 •Pathway to Knowledge - Lecture Series
 •Purchasing Professional Credentials for Employees
 •Request for Approval of Appropriated Funds to Pay for Professional Credentials
 •Section 508 Exemption for a One-Time Purchase of $2,500 or Less
 •SF44 Update
 •Simplified Acquisition Committee (SAC) Meeting Minutes
 •Small Business Review Form
 •Temporary Policy For Professional Services
 •Use of Appropriated Funds to Purchase Kitchen Appliances


[ Contact Us | Privacy Statement | Accessibility | Terms of Use ]

[ Office of the Associate Director(OD)Division of Information Technology Acquisition (DITA)Division of Logistics Services (DLS)Office of Acquisitions, OLAO ]

National Institutes of Health National Institutes of Health Department of Health and Human Services Department of Health and
Human Services		  USAGov
 
Office of Acquisition and Logistics Management Office of Acquisition and
Logistics Management		 NIH Information Technology Acquisition and Assessment Center NIH Information Technology
Acquisition and Assessment
Center		    FOIA