1804.103 Contract clause.
The contracting officer shall include the clause at FAR 52.204-1, Approval of Contract, in solicitations, contracts, and supplemental agreements that require higher level approval. For actions requiring Headquarters approval, insert "NASA Assistant Administrator for Procurement" in the clause's blank space.
1804.170 Contract effective date.
(a) "Contract effective date" means the date agreed upon by the parties for beginning the period of performance under the contract. In no case shall the effective date precede the date on which the contracting officer or designated higher approval authority signs the document.
(b) Costs incurred before the contract effective date are unallowable unless they qualify as precontract costs (see FAR 31.205-32) and the clause prescribed at 1831.205-70 is used.
1804.202 Agency distribution requirements.
In addition to the requirements in FAR 4.201, the contracting officer shall distribute one copy of each R&D contract, including the Statement of Work, to the NASA Center for AeroSpace Information (CASI), Attention: Acquisitions Collections Development Specialist, 7115 Standard Drive, Hanover, MD 21076-1320.
1804.203 Taxpayer identification information.
Instead of using the last page of the contract to provide the information listed in FAR 4.203, NASA installations may allow contracting officers to use a different distribution method, such as annotating the cover page of the payment office copy of the contract.
1804.402 General.
(b) NASA security
policies and procedures are prescribed in NPD 1600.2D, NASA Security
Policy;
NPR 1600.1, Security Program Procedural Requirements; NPR 2810.1A,
Security of Information Technology; and NPD 2810.1C, NASA Information
Security Policy.
1804.404-70 Contract clause.
The contracting officer shall insert the clause at 1852.204-75, Security Classification Requirements, in solicitations and contracts if work to be performed will require security clearances. This clause may be modified to add instructions for obtaining security clearances and access to security areas that are applicable to the particular acquisition and installation.
1804.470 Security requirements for unclassified information technology resources.
1804.470-1 Scope.
This section implements NASA's acquisition?related aspects of Federal policies for assuring the security of unclassified automated information resources. Federal policies include, but are not limited to, the Computer Security Act of 1987 (40 U.S.C. 1441 et seq.), the Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et seq.), Public Law 106-398, section 1061, Government Information Security Reform, OMB Circular A-130, Management of Federal Information Resources, and the National Institute of Standards and Technology security guidance and standards.
1804.470-2 Policy.
(a) NASA policies
and procedures on security for automated information technology are
prescribed in NPD 2810.1C, NASA Information Security Policy, and
in NPR 2810.1A, Security of Information Technology. The provision of information technology (IT) security in accordance with these
policies and procedures, is required in all contracts that include
IT resources or services in which a contractor must have physical or
electronic access to NASA's sensitive information contained in unclassified
systems that directly support the mission of the Agency. This includes
information technology, hardware, software, and the management, operation,
maintenance, programming, and system administration of computer systems,
networks, and telecommunications systems. Examples of tasks that require
security provisions include:
- (1) Computer control of spacecraft, satellites, or aircraft or their payloads;
- (2) Acquisition, transmission or analysis of data owned by NASA with significant replacement costs should the contractor's copy be corrupted; and
- (3) Access to NASA networks or computers at a level beyond that granted the general public, e.g. bypassing a firewall.
(b) The contractor must not use or redistribute any NASA information processed, stored, or transmitted by the contractor except as specified in the contract.
1804.470-3 Security plan for unclassified Federal Information Technology systems.
(a) The requiring activity with the concurrence of the Center Chief Information Officer (CIO), and the Center Information Technology (IT) Security Manager, must determine whether an IT Security Plan for unclassified information is required.
(b) IT security plans must demonstrate a thorough understanding of NPR 2810.1A and NPD 2810.1C and
must include, as a minimum, the security measures and program safeguards
planned to ensure that the information technology resources acquired
and used by contractor and subcontractor personnel --
- (1) Are protected from unauthorized access, alteration, disclosure, or misuse of information processed, stored, or transmitted;
- (2) Can maintain the continuity of automated information support for NASA missions, programs, and functions;
- (3) Incorporate management, general, and application controls sufficient to provide cost-effective assurance of the systems' integrity and accuracy;
- (4) Have appropriate technical, personnel, administrative, environmental, and access safeguards;
- (5) Document and follow a virus protection program for all IT resources under its control; and
+ Introduction + Part 1827 + Part 1835 + Part 1852
