Laserfiche WebLink
Contract Clauses for Solicitation 47QSMD20R0001 Refresh Number 9 Contract Number: GS-07F-0031W <br />Information system means a discrete set of information resources organized for the collection, processing, <br />maintenance, use, sharing, dissemination, or disposition of information (44 U.S.C. 3502). <br />Sgfeguarding means measures or controls that are prescribed to protect information systems. <br />(b) Sgfeguarding requirements and procedures. <br />(1) The Contractor shall apply the following basic safeguarding requirements and procedures to <br />protect covered contractor information systems. Requirements and procedures for basic <br />safeguarding of covered contractor information systems shall include, at aminimum, the <br />following security controls: <br />(i) Limit information system access to authorized users, processes acting on behalf of <br />authorized users, or devices (including other information systems). <br />(ii) Limit information system access to the types of transactions and functions that <br />authorized users are permitted to execute. <br />(iii) Verify and control/limit connections to and use of external information systems. <br />(iv) Control information posted or processed on publicly accessible information systems. <br />(v) Identify information system users, processes acting on behalf of users, or devices. <br />(vi) Authenticate (or verify) the identities of those users, processes, or devices, as a <br />prerequisite to allowing access to organizational information systems. <br />(vii) Sanitize or destroy information system media containing Federal Contract <br />Information before disposal or release for reuse. <br />(viii) Limit physical access to organizational information systems, equipment, and the <br />respective operating environments to authorized individuals. <br />(ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; <br />and control and manage physical access devices. <br />(x) Monitor, control, and protect organizational communications (i.e., information <br />transmitted or received by organizational information systems) at the external boundaries <br />and key internal boundaries of the information systems. <br />(xi) Implement subnetworks for publicly accessible system components that are <br />physically or logically separated from internal networks. <br />(xii) Identify, report, and correct information and infornlation system flaws in a timely <br />manner. <br />(xiii) Provide protection from malicious code at appropriate locations within <br />organizational infornlation systems. <br />(xiv) Update malicious code protection mechanisms when new releases are available. <br />(xv) Perform periodic scans of the information system and real-time scans of files from <br />external sources as files are downloaded, opened, or executed. <br />(2) Other requirements. This clause does not relieve the Contractor of any other specific <br />safeguarding requirements specified by Federal agencies and departments relating to covered <br />contractor information systems generally or other Federal safeguarding requirements for <br />Page:53 of 211 <br />