Common use of IT Security Plan Clause in Contracts

IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractor’s IT Se- curity Plan shall comply with applicable Federal laws that include, but are not lim- ited to, 40 U.S.C. 11331, the Federal Informa- tion Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and DOS policies and procedures, as they may be amended from time to time during the term of this contract that include, but are not limited to: (1) OMB Circular A–130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; (2) National Institute of Standards and Technology (NIST) Guidelines (see NIST Special Publication 800–37, Guide for the Se- curity Certification and Accreditation of Federal Information Technology Systems (▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/nistpubs/800-37/ SP800-37-final.pdf)); and (3) Department of State information secu- rity sections of the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH) (▇▇▇▇://▇▇▇▇.▇▇▇▇▇.▇▇▇/Regs/Search.asp), specifi- cally: (i) 12 FAM 230, Personnel Security;

IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractor’s IT Se- curity Plan shall comply with applicable Federal laws that include, but are not lim- ited to, 40 U.S.C. 11331, the Federal Informa- tion Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and DOS policies and procedures, as they may be amended from time to time during the term of this contract that include, but are not limited to: (1) OMB Circular A–130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; (2) National Institute of Standards and Technology (NIST) Guidelines (see NIST Special Publication 800–37, Guide for the Se- curity Certification and Accreditation of Federal Information Technology Systems (▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/nistpubs/800-37/ SP800-37-final.pdfSP800–37-final.pdf)); and (3) Department of State information secu- rity sections of the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH) (▇▇▇▇://▇▇▇▇.▇▇▇▇▇.▇▇▇/Regs/Search.asp), specifi- cally: (i) 12 FAM 230, Personnel Security;