Title 48

SECTION 3452.239-72

3452.239-72 Department security requirements.

As prescribed in 3439.702, include the following clause in contracts when the contractor's employees will have access to Department-controlled facilities or space, or when the work (wherever located) would involve the design, operation, repair, or maintenance of information systems and access to sensitive but unclassified information:

Department Security Requirements (MAR 2011)

(a) The contractor and its subcontractors shall comply with Department security policy requirements as set forth in the “Bidder's Security Package: Security Requirements for Contractors Doing Business with the Department of Education” at http://www.ed.gov/fund/contract/about/bsp.html.

(b) The following are the contractor employee positions required under this contract and their designated risk levels:

High Risk (HR): [Specify HR positions.]

Moderate Risk (MR): [Specify MR positions.]

Low Risk (LR): [Specify LR positions.]

(c) All contractor employees must undergo personnel security screening if they will be employed for 30 days or more, in accordance with Departmental Directive OM:5-101, “Contractor Employee Personnel Security Screenings.” The type of screening and the timing of the screening will depend upon the nature of the contractor position, the type of data to be accessed, and the type of information technology (IT) system access required. Personnel security screenings will be commensurate with the risk and magnitude of harm the individual could cause.

(d) The contractor shall -

(1) Ensure that all non-U.S. citizen contractor employees are lawful permanent residents of the United States or have appropriate work authorization documents as required by the Department of Homeland Security, Bureau of Immigration and Appeals, to work in the United States.

(2) Ensure that no employees are assigned to high risk designated positions prior to a completed preliminary screening.

(3) Submit all required personnel security forms to the contracting officer's representative (COR) within 24 hours of an assignment to a Department contract and ensure that the forms are complete.

(4) Ensure that no contractor employee is placed in a higher risk position than that for which he or she was previously approved, without the approval of the contracting officer or the COR, the Department personnel security officer, and the Department computer security officer.

(5) Ensure that all contractor employees occupying high-risk designated positions submit forms for reinvestigation every five years for the duration of the contract or if there is a break in service to a Department contract of 365 days or more.

(6) Report to the COR all instances of individuals seeking to obtain unauthorized access to any departmental IT system, or sensitive but unclassified and/or Privacy Act protected information.

(7) Report to the COR any information that raises an issue as to whether a contractor employee's eligibility for continued employment or access to Department IT systems, or sensitive but unclassified and/or Privacy Act protected information, promotes the efficiency of the service or violates the public trust.

(8) Withdraw from consideration under the contract any employee receiving an unfavorable adjudication determination.

(9) Officially notify each contractor employee if he or she will no longer work on a Department contract.

(10) Abide by the requirements in Departmental Directive OM:5-101, “Contractor Employee Personnel Security Screenings.”

(e) Further information including definitions of terms used in this clause and a list of required investigative forms for each risk designation are contained in Departmental Directive OM:5-101, “Contractor Employee Personnel Security Screenings” available at the Web site listed in the first paragraph of this clause.

(f) Failure to comply with the contractor personnel security requirements may result in a termination of the contract for default.

(End of clause)