Title 48

SECTION 952.204-76

952.204-76 Conditional payment of fee or profit - safeguarding restricted data and other classified information.

As prescribed at 904.404(d)(6), insert the following clause:

Conditional Payment of Fee or Profit - Safeguarding Restricted Data and Other Classified Information (JAN 2004)

(a) General. (1) The payment of fee or profit (i.e., award fee, fixed fee, and incentive fee or profit) under this contract is dependent upon the Contractor's compliance with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information (i.e., Formerly Restricted Data and National Security Information) including compliance with applicable law, regulation, and DOE directives. The term “Contractor” as used in this clause to address failure to comply shall mean “Contractor or Contractor employee.”

(2) In addition to other remedies available to the Government, if the Contractor fails to comply with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information, the Contracting Officer may unilaterally reduce the amount of fee or profit that is otherwise payable to the Contractor in accordance with the terms and conditions of this clause.

(3) Any reduction in the amount of fee or profit earned by the Contractor will be determined by the severity of the Contractor's failure to comply with contract terms and conditions relating to the safeguarding of restricted data or other classified information pursuant to the degrees specified in paragraph (c) of this clause.

(b) Reduction amount. (1) If in any period (see 48 CFR 952.204-76 (b)(2)) it is found that the Contractor has failed to comply with contract terms and conditions relating to the safeguarding of Restricted Data or other classified information, the Contractor's fee or profit of the period may be reduced. Such reduction shall not be less than 26 percent nor greater than 100 percent of the total fee or profit earned for a first degree performance failure, not less than 11 percent nor greater than 25 percent for a second degree performance failure, and up to 10 percent for a third degree performance failure. The Contracting Officer must consider mitigating factors that may warrant a reduction below the specified range (see 48 CFR 904.402(c)). The mitigating factors include, but are not limited to, the following:

(i) Degree of control the Contractor had over the event or incident.

(ii) Efforts the Contractor had made to anticipate and mitigate the possibility of the event in advance.

(iii) Contractor self-identification and response to the event to mitigate impacts and recurrence.

(iv) General status (trend and absolute performance) of safeguarding Restricted Data and other classified information and compliance in related security areas.

(2)(i) Except in the case of performance-based firm-fixed-price contracts (see paragraph (b)(3) of this clause), the Contracting Officer, for purposes of this clause, will at the time of contract award, or as soon as practicable thereafter, allocate the total amount of fee or profit that is available under this contract to equal periods of [insert 6 or 12] months to run sequentially for the entire term of the contract (i.e., from the effective date of the contract to the expiration date of the contract, including all options). The amount of fee or profit to be allocated to each period shall be equal to the average monthly fee or profit that is available or otherwise payable during the entire term of the contract, multiplied by the number of months established above for each period.

(ii) Under this clause, the total amount of fee or profit that is subject to reduction in a period in which a performance failure occurs, in combination with any reduction made under any other clause in the contract that provides for a reduction to the fee or profit, shall not exceed the amount of fee or profit that is earned by the Contractor in the period established pursuant to paragraph (b)(2)(i) of this clause.

(3) For performance-based firm-fixed-price contracts, the Contracting Officer will at the time of contract award include negative monetary incentives in the contract for Contractor violations relating to the safeguarding of Restricted Data and other classified information.

(c) Safeguarding restricted data and other classified information. Performance failures occur if the Contractor does not comply with the terms and conditions of this contract relating to the safeguarding of Restricted Data and other classified information. The degrees of performance failures relating to the Contractor's obligations under this contract for safeguarding of Restricted Data and other classified information are as follows:

(1) First Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have resulted in, or that can reasonably be expected to result in, exceptionally grave damage to the national security. The following are examples of performance failures or performance failures of similar import that will be considered first degree:

(i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating a risk of, loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other information classified as Top Secret, any classification level of information in a Special Access Program (SAP), information identified as sensitive compartmented information (SCI), or high risk nuclear weapons-related data.

(ii) Contractor actions that result in a breakdown of the safeguards and security management system that can reasonably be expected to result in the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data, or other information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

(iii) Failure to promptly report the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

(iv) Failure to timely implement corrective actions stemming from the loss, compromise, or unauthorized disclosure of Top Secret Restricted Data or other information classified as Top Secret, any classification level of information in a SAP, information identified as SCI, or high risk nuclear weapons-related data.

(2) Second Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have actually resulted in, or that can reasonably be expected to result in, serious damage to the national security. The following are examples of performance failures or performance failures of similar import that will be considered second degree:

(i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating risk of, loss, compromise, or unauthorized disclosure of Secret Restricted Data or other information classified as Secret.

(iii) Failure to promptly report the loss, compromise, or unauthorized disclosure of Restricted Data or other information regardless of classification (except for information covered by paragraph (c)(1)(iii) of this clause).

(iv) Failure to timely implement corrective actions stemming from the loss, compromise, or unauthorized disclosure of Secret Restricted Data or other information classified as Secret.

(3) Third Degree: Performance failures that have been determined, in accordance with applicable law, regulation, or DOE directive, to have actually resulted in, or that can reasonably be expected to result in, undue risk to the common defense and security. In addition, this category includes performance failures that result from a lack of Contractor management and/or employee attention to the proper safeguarding of Restricted Data and other classified information. These performance failures may be indicators of future, more severe performance failures and/or conditions, and if identified and corrected early would prevent serious incidents. The following are examples of performance failures or performance failures of similar import that will be considered third degree:

(i) Non-compliance with applicable laws, regulations, and DOE directives actually resulting in, or creating risk of, loss, compromise, or unauthorized disclosure of Restricted Data or other information classified as Confidential.

(ii) Failure to promptly report alleged or suspected violations of laws, regulations, or directives pertaining to the safeguarding of Restricted Data or other classified information.

(iii) Failure to identify or timely execute corrective actions to mitigate or eliminate identified vulnerabilities and reduce residual risk relating to the protection of Restricted Data or other classified information in accordance with the Contractor's Safeguards and Security Plan or other security plan, as applicable.

(iv) Contractor actions that result in performance failures which unto themselves pose minor risk, but when viewed in the aggregate indicate degradation in the integrity of the Contractor's safeguards and security management system relating to the protection of Restricted Data and other classified information.

(End of clause) [68 FR 68777, Dec. 10, 2003, as amended at 74 FR 36368, 36370, 36378, 36380, July 22, 2009]