Common use of SENSITIVE SECURITY INFORMATION Clause in Contracts

SENSITIVE SECURITY INFORMATION. a. Although records held by Federal agencies are subject to the Freedom of Information Act (FOIA), information submitted by applicants under the Manhattan II Project Cooperative Agreement will be considered "Sensitive Security Information" for FOIA purposes. Information on the "Sensitive Security Information" FOIA category is contained in 49 CFR Part 1520, published in the Federal Register (67 FR 8340, dated February 22, 2002). Applications may also contain "trade secret and commercial or financial information" which would not be publicly released under Exemption 4. b. Under 49 U.S.C. 40119 and 49 CFR Part 1520, sensitive security information is not available for public inspection or copying, and information in these records will not be released to the public. Information that may not be released may include, but is not limited to, references to vulnerabilities, risk, safeguards/mitigation (countermeasures), threats or any other information or data referred to in 49 CFR 1520. c. Applicants must place the following legend on their proposals and any supporting information submitted under the Manhattan II Project Cooperative Agreement which contains information of the type described above: SENSITIVE SECURITY INFORMATION/FOR OFFICIAL USE ONLY WARNING: THIS DOCUMENT CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER THE PROVISIONS OF 49 CFR PART 1520. NO PART OF THIS DOCUMENT MAY BE RELEASED WITHOUT THE WRITTEN PERMISSION OF THE UNDER SECRETARY OF TRANSPORTATION FOR SECURITY, ▇▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTY OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC AVAILABILTIY IS TO BE DETERMINED UNDER 5 U.S.C. 552. d. Information identified as sensitive security information will be handled according to procedures for handling sensitive but unclassified (SBU) information, company proprietary information, including applications, or source selection sensitive information.

SENSITIVE SECURITY INFORMATION. a. Although records held by Federal agencies are subject to The Consultant shall not, during the Freedom term of Information Act (FOIA)this Agreement and forever thereafter, information submitted by applicants under the Manhattan II Project Cooperative Agreement will be considered "Sensitive Security Information" for FOIA purposes. Information on the "Sensitive Security Information" FOIA category is contained in 49 CFR Part 1520knowingly divulge, published in the Federal Register (67 FR 8340, dated February 22, 2002). Applications may also contain "trade secret and commercial furnish or financial information" which would not be publicly released under Exemption 4. b. Under 49 U.S.C. 40119 and 49 CFR Part 1520, make available any sensitive security information is not available informat ion to any third person, firm or organ ization, without the Owner’s knowledge and prior written consent, including requests for public inspection or copying, and information in these records will not be released to the public. Information that may not be released may include, but is not limited to, references to vulnerabilities, risk, safeguards/mitigation (countermeasures), threats or any other information or data referred to in 49 CFR 1520. c. Applicants must place the following legend on their proposals and any supporting information submitted under the Manhattan II Project Cooperative Agreement which contains information of the type described above: SENSITIVE SECURITY INFORMATION/FOR OFFICIAL USE ONLY WARNING: THIS DOCUMENT CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER THE PROVISIONS OF 49 CFR PART 1520. NO PART OF THIS DOCUMENT MAY BE RELEASED WITHOUT THE WRITTEN PERMISSION OF THE UNDER SECRETARY OF TRANSPORTATION FOR SECURITY, said inform ▇▇▇▇▇▇▇▇▇▇▇ made in the course of judicial or legislative proceedings where such information has been properly subpoenaed, Consultant is further prohibited from releasing and reproducing security sensitive information within Co nsultant s firm and distribution among Consultant s Subconsultants without the Owner s knowledge and prior written consent, 8.5.1 SSI: Sensitive Security Information also noted as (S SI) is information that, if publicly released, would be detrimental to transportation security, as defined by F ederal regulation 49 C.F.R. part 1520. Although SSI is not classified information, there are specific procedures fo r recognizing, marking, protecting, safely sharing, and destroying SSI. Persons receiving SSI are considered covered persons under the SSI regulation in order to carry out responsibilities related to transportation security and are obligated to protect this information from unauthorized disclosure. A. The following information indicates requirements for access to, control of, and/or distribution of Project Documents Marked as Sensitive Security Information or SSI. 1. You Must Lock All SSI: Store SSI in a secure container such as a locked file cabinet or drawer (as defined by Federal regul ation 49 C.F.R. part 1520.9 (a)(1)). 2. You Must When No Longer Needed, ▇▇ ▇▇▇▇▇. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTY OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC AVAILABILTIY IS TO BE DETERMINED UNDER 5 U.S.C. 552▇ SSI: Destruction of SSI must be complete to preclude recognition or reconstruction of the information (as defined by Federal regulation 49 C.F.R. part 1520.19). d. Information identified 3. You Must Mark SSI: The regulation require s that even when only a small portion of a paper document contains SSI, every page of the document must be marked with the SSI header and footer shown at left (as sensitive security defi ▇▇▇ by Federal regulation 49 C.F.R. part 1520.13). Alteration of the footer is not authorized. B. Reasonable steps must be taken to safeguard SSI. While the regulation does not define reasonable steps, the TSA SSI Branch offers t he following best practices as examples of Orlando International and Executive Airport Continuing On-Call Architecture and Engineering Consulting Services Agreement for Continuing Professional Services reasonable steps: 1. Use an SSI cover sheet on all SSI materials. 2. Electronic presentations (e.g., PowerPoi nt) should be marked with the SSI header on all pages and the SSI footer on the first and last pages of the presentation. 3. Spreadsheets should be marked with the SSI header on every page and the SSI footer on every page or at the end of the document. 4. Video and audio should be marked with the SSI header and footer on the protective cover when able and the header and footer shoul d be shown and/or read at the beginning and end of the program. 5. CDs/DVDs should be encrypt ed or password-protected and the header and footer should be affixed to the CD/DVD. 6. Portable drives including flash or thumb drives should not themselves be marked, but the drive itself should be encrypted or all SSI documents stored on it should be password protected. 7. When leaving your computer or desk you must lock all SSI and you should lock or turn off your computer. 8. Taking SSI home is not recommended. If neces sary, get permission from a supervisor and lock all SSI at home. 9. Do not handle SSI on computers that have peer -to-peer software installed on them or on your home computer. 10. Transmit SSI via email only in a password protected attachment, not in the body of the email. Send the password without identif ying information in a separate email or by phone. 11. Passwords for SSI documents should contain at least eight characters, have at least one uppercase and one lowercase letter, contain at least one number, one special character and not be a word in the dictionary. 12. Faxing of SSI should be done by first veri fying the fax number and that the intended recipient will be handled according available promptly to procedures for handling sensitive but unclassified retrieve the SSI. 13. SSI should be mailed by U.S. First Class ma il or other traceable delivery service using an opaque envelope or wrapping. The outside wrapping (SBUi.e. box or envelope) informationshould not be marked as SSI. 14. Interoffice mail should be sent using an unmar ked, company proprietary informationopaque, including applicationssealed envelope so that the SSI cannot be read through the envelope. 15. SSI stored in network folders should either require a password to open or the network should limit access to the folder to only those with a need to know. 16. Properly destroy SSI using a cross-cut shredder or by cutting manually into less than ‰ inch squares. 17. Properly destroy electronic records using any method that will preclude recognition or reconstruction. 18. Maintain an up-to-date record of all SSI Documents and list of persons with access to SSI Documents. C. When transmitting SSI, the SSI marking must be applied to the transmittal document (letter, memorandum, or source selection sensitive fax). The transmittal document must contain, if applicable, a disclaimer noting that it is no longer SSI when it is detached from the SSI it is transmitting (transmittal e-mails do not need to contain this disclaimer), and a warning that if received by an unintended or different recipient, the sender must be notified immediately. D. When discussing or transmitting SSI to another individual(s), DHS Covered Persons must ensure that the individual with whom the discussion is to be held or the information is to be transferred has a valid Need-to-know. In addition, DHS Cove red Persons must ensure that precautions are Orlando International and Executive Airport Continuing On-Call Architecture and Engineering Consulting Services Agreement for Continuing Professional Services taken to prevent unauthorized individuals from overhearing the conversation, observing the materials, or otherwise accessing the information. E. SSI shall be mailed in a manner that offers reasonable protection of the sent materials and sealed in such a manner as to prevent inadvertent opening and show evidence of tampering. F. SSI may be mailed by U.S. Postal Service Firs t Class Mail or an authorized commercial delivery service such as DHL or Federal Express. G. SSI may be entered into an inter-offi ce mail system provided it is a fforded sufficient protection to prevent unauthorized access, e.g., sealed envelope.

SENSITIVE SECURITY INFORMATION. a. Although records held by Federal agencies are subject to The Consultant shall not, during the Freedom term of Information Act (FOIA)this Agreement and forever thereafter, information submitted by applicants under the Manhattan II Project Cooperative Agreement will be considered "Sensitive Security Information" for FOIA purposes. Information on the "Sensitive Security Information" FOIA category is contained in 49 CFR Part 1520knowingly divulge, published in the Federal Register (67 FR 8340, dated February 22, 2002). Applications may also contain "trade secret and commercial furnish or financial information" which would not be publicly released under Exemption 4. b. Under 49 U.S.C. 40119 and 49 CFR Part 1520, make available any sensitive security information to any third person, firm or organization, without the Owner's knowledge and prior written consent, including requests for said information made in the course of judicial or legislative proceedings where such information has been properly subpoenaed, Consultant is further prohibited from releasing and reproducing security sensitive information within Consultant's firm and distribution among Consultant's Subconsultants without the Owner's knowledge and prior written consent. 8.5.1 SSI: Sensitive Security Information -- also noted as (SSI) -- is information that, if publicly released, would be detrimental to critical infrastructure security, as defined by Federal regulation 49 C.F.R. part 1520. Although SSI is not available classified information, there are specific procedures for public inspection or copyingrecognizing, marking, protecting, safely sharing, and destroying SSI. Persons receiving SSI are considered "covered persons" under the SSI regulation, in order to carry out responsibilities related to critical infrastructure security and are obligated to protect this information from unauthorized disclosure. 8.5.2 The following information indicates requirements for access to, control of, and/or distribution of Project Documents Marked as Sensitive Security Information or SSI. o You Must -- Lock All SSI: Store SSI in these records will a secure container such as a locked file cabinet or drawer (as defined by Federal regulation 49 C.F.R. part 1520.9 (a)(1)). • You Must -- When No Longer Needed, Destroy SSI: Destruction of SSI must be complete to preclude recognition or reconstruction of the information (as defined by Federal regulation 49 C.F.R. part 1520.19). • You Must -- Mark SSI: The regulation requires that even when only a small portion of a paper document contains SSI, every page of the document must be marked with the SSI header and footer shown at left (as defined by Federal regulation 49 C.F.R. part 1520.13). Alteration of the footer is not authorized. • Reasonable steps must be released taken to safeguard SSI. While the regulation does not define reasonable steps, the following best practices, tailored to the publicTown of Eatonville, are recommended for handling SSI materials: o Use an SSI cover sheet on all SSI materials. Information that may o Electronic presentations (e.g., PowerPoint) should be marked with the SSI header on all pages and the SSI footer on the first and last pages of the presentation. o Spreadsheets should be marked with the SSI header on every page and the SSI footer on every page or at the end of the document. o Video and audio should be marked with the SSI header and footer on the protective cover when able and the header and footer should be shown and/or read at the beginning and end of the program. • CDs/DVDs should be encrypted or password-protected and the header and footer should be affixed to the CD/DVD. o Portable drives including "flash" or "thumb" drives should not themselves be released may includemarked, but the drive itself should be encrypted or all SSI documents stored on it should be password protected. o When leaving your computer or desk you must lock all SSI and you should lock or tum off your computer. o Taking SSI home is not limited recommended. If necessary, get permission from a supervisor and lock all SSI at home. o Do not handle SSI on computers that have peer-to, references to vulnerabilities, risk, safeguards/mitigation (countermeasures), threats -peer software installed on them or any other information or data referred to in 49 CFR 1520on your home computer. c. Applicants must place the following legend on their proposals and any supporting information submitted under the Manhattan II Project Cooperative Agreement which contains information of the type described above: SENSITIVE SECURITY INFORMATION/FOR OFFICIAL USE ONLY WARNING: THIS DOCUMENT CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER THE PROVISIONS OF 49 CFR PART 1520. NO PART OF THIS DOCUMENT MAY BE RELEASED WITHOUT THE WRITTEN PERMISSION OF THE UNDER SECRETARY OF TRANSPORTATION FOR SECURITY, ▇▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTY OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC AVAILABILTIY IS TO BE DETERMINED UNDER 5 U.S.C. 552. d. Information identified as sensitive security information will be handled according to procedures for handling sensitive but unclassified (SBU) information, company proprietary information, including applications, or source selection sensitive information.

SENSITIVE SECURITY INFORMATION. a. Although records held by Federal agencies are subject to The Consultant shall not, during the Freedom term of Information Act (FOIA)this Agreement and forever thereafter, information submitted by applicants under the Manhattan II Project Cooperative Agreement will be considered "Sensitive Security Information" for FOIA purposes. Information on the "Sensitive Security Information" FOIA category is contained in 49 CFR Part 1520knowingly divulge, published in the Federal Register (67 FR 8340, dated February 22, 2002). Applications may also contain "trade secret and commercial furnish or financial information" which would not be publicly released under Exemption 4. b. Under 49 U.S.C. 40119 and 49 CFR Part 1520, make available any sensitive security information to any third person, firm or organization, without the Owner's knowledge and prior written consent, including requests for said information made in the course of judicial or legislative proceedings where such information has been properly subpoenaed, Consultant is further prohibited from releasing and reproducing security sensitive information within Consultant's firm and distribution among Consultant's Subconsultants without the Owner's knowledge and prior written consent. 8.5.1 SSI: Sensitive Security Information -- also noted as (SSI) -- is information that, if publicly released, would be detrimental to transportation security, as defined by Federal regulation 49 C.F.R. part 1520. Although SSI is not available classified information, there are specific procedures for public inspection or copyingrecognizing, marking, protecting, safely sharing, and destroying SSL Persons receiving SSI are considered "covered persons" under the SSI regulation in order to carry out responsibilities related to transportation security and are obligated to protect this information from unauthorized disclosure. 8.5.2 The following information indicates requirements for access to, control of, and/or distribution of Project Documents Marked as Sensitive Security Information or SSI. o You Must -- Lock All SSI: Store SSI in these records will a secure container such as a locked file cabinet or drawer (as defined by Federal regulation 49 C.F.R. part 1520.9 (a)(1)). • You Must -- When No Longer Needed, Destroy SSI: Destruction of SSI must be complete to preclude recognition or reconstruction of the information (as defined by Federal regulation 49 C.F.R. part 1520.19). • You Must -- Mark SSI: The regulation requires that even when only a small portion of a paper document contains SSI, every page of the document must be marked with the SSI header and footer shown at left (as defined by Federal regulation 49 C.F.R. part 1520.13). Alteration of the footer is not authorized. • Reasonable steps must be released taken to safeguard SSI. While the regulation does not define reasonable steps, the TSA SSI Branch offers the following best practices as examples of reasonable steps: o Use an SSI cover sheet on all SSI materials. o Electronic presentations (e.g., PowerPoint) should be marked with the SSI header on all pages and the SSI footer on the first and last pages of the presentation. o Spreadsheets should be marked with the SSI header on every page and the SSI footer on every page or at the end of the document. o Video and audio should be marked with the SSI header and footer on the protective cover when able and the header and footer should be shown and/or read at the beginning and end of the program. • CDs/DVDs should be encrypted or password-protected and the header and footer should be affixed to the publicCD/DVD. Information that may o Portable drives including "flash" or "thumb" drives should not themselves be released may includemarked, but the drive itself should be encrypted or all SSI documents stored on it should be password protected. o When leaving your computer or desk you must lock all SSI and you should lock or tum off your computer. o Taking SSI home is not limited recommended. If necessary, get permission from a supervisor and lock all SSI at home. o Do not handle SSI on computers that have peer-to, references to vulnerabilities, risk, safeguards/mitigation (countermeasures), threats -peer software installed on them or any other information or data referred to in 49 CFR 1520on your home computer. c. Applicants must place the following legend on their proposals and any supporting information submitted under the Manhattan II Project Cooperative Agreement which contains information of the type described above: SENSITIVE SECURITY INFORMATION/FOR OFFICIAL USE ONLY WARNING: THIS DOCUMENT CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER THE PROVISIONS OF 49 CFR PART 1520. NO PART OF THIS DOCUMENT MAY BE RELEASED WITHOUT THE WRITTEN PERMISSION OF THE UNDER SECRETARY OF TRANSPORTATION FOR SECURITY, ▇▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTY OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC AVAILABILTIY IS TO BE DETERMINED UNDER 5 U.S.C. 552. d. Information identified as sensitive security information will be handled according to procedures for handling sensitive but unclassified (SBU) information, company proprietary information, including applications, or source selection sensitive information.