As prescribed in 1837.203-72(b), insert the following clause:
RELEASE OF SENSITIVE INFORMATION
(JUNE 2005)
(a) As used in this clause, “sensitive information” refers to information, not currently in the public domain, that the Contractor has developed at private expense, that may embody trade secrets or commercial or financial information, and that may be sensitive or privileged.
(b) In accomplishing management activities and administrative functions, NASA relies heavily on the support of various service providers. To support NASA activities and functions, these service providers, as well as their subcontractors and their individual employees, may need access to sensitive information submitted by the Contractor under this contract. By submitting this proposal or performing this contract, the Contractor agrees that NASA may release to its service providers, their subcontractors, and their individual employees, sensitive information submitted during the course of this procurement, subject to the enumerated protections mandated by the clause at 1852.237-72, Access to Sensitive Information.
(c)(1) The Contractor shall identify any sensitive information submitted in support of this proposal or in performing this contract. For purposes of identifying sensitive information, the Contractor may, in addition to any other notice or legend otherwise required, use a notice similar to the following:
This proposal or document includes sensitive information that NASA shall not disclose outside the Agency and its service providers that support management activities and administrative functions. To gain access to this sensitive information, a service provider’s contract must contain the clause at NFS 1852.237-72, Access to Sensitive Information. Consistent with this clause, the service provider shall not duplicate, use, or disclose the information in whole or in part for any purpose other than to perform the services specified in its contract. This restriction does not limit the Government's right to use this information if it is obtained from another source without restriction. The information subject to this restriction is contained in pages [insert page numbers or other identification of pages].
Mark each page of sensitive information the Contractor wishes to restrict with the following legend:
Use or disclosure of sensitive information contained on this page is subject to the restriction on the title page of this proposal or document.
(2) The Contracting Officer shall evaluate the facts supporting any claim that particular information is “sensitive.” This evaluation shall consider the time and resources necessary to protect the information in accordance with the detailed safeguards mandated by the clause at 1852.237-72, Access to Sensitive Information. However, unless the Contracting Officer decides, with the advice of Center counsel, that reasonable grounds exist to challenge the Contractor’s claim that particular information is sensitive, NASA and its service providers and their employees shall comply with all of the safeguards contained in paragraph (d) of this clause.
(d) To receive access to sensitive information needed to assist NASA in accomplishing management activities and administrative functions, the service provider must be operating under a contract that contains the clause at 1852.237-72, Access to Sensitive Information. This clause obligates the service provider to do the following:
(1) Comply with all specified procedures and obligations, including the
Organizational Conflicts of Interest Avoidance Plan, which the contract has incorporated as a compliance document.
(2) Utilize any sensitive information coming into its possession only for the purpose of performing the services specified in its contract.
(3) Safeguard sensitive information coming into its possession from unauthorized use and disclosure.
(4) Allow access to sensitive information only to those employees that need it to perform services under its contract.
(5) Preclude access and disclosure of sensitive information to persons and entities outside of the service provider’s organization.
(6) Train employees who may require access to sensitive information about their obligations to utilize it only to perform the services specified in its contract and to safeguard it from unauthorized use and disclosure.
(7) Obtain a written affirmation from each employee that he/she has received and will comply with training on the authorized uses and mandatory protections of sensitive information needed in performing this contract.
(8) Administer a monitoring process to ensure that employees comply with all reasonable security procedures, report any breaches to the Contracting Officer, and implement any necessary corrective actions.
(e) When the service provider will have primary responsibility for operating an information technology system for NASA that contains sensitive information, the service provider’s contract shall include the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources. The Security Requirements clause requires the service provider to implement an Information Technology Security Plan to protect information processed, stored, or transmitted from unauthorized access, alteration, disclosure, or use. Service provider personnel requiring privileged access or limited privileged access to these information technology systems are subject to screening using the standard National Agency Check (NAC) forms appropriate to the level of risk for adverse impact to NASA missions. The Contracting Officer may allow the service provider to conduct its own screening, provided the service provider employs substantially equivalent screening procedures.
(f) This clause does not affect NASA's responsibilities under the Freedom of Information Act.
(g) The Contractor shall insert this clause, including this paragraph (g), suitably modified to reflect the relationship of the parties, in all subcontracts that may require the furnishing of sensitive information.
(End of clause)