(a) DHS’s policies and procedures on contractor personnel security requirements are set forth in various management directives (MDs). MD 11042.1, Safeguarding Sensitive But Unclassified (For Official Use only) Information describes how contractors must handle sensitive but unclassified information. MD 4300.1, entitled Information Technology Systems Security, and the DHS Sensitive Systems Handbook, prescribe the policies and procedures on security for Information Technology resources. Compliance with these policies and procedures, any replacement publications, or any other current or future DHS policies and procedures covering contractors specifically is required in all contracts that require access to facilities, IT resources or sensitive information.
(b) The contractor must not use or redistribute any DHS information processed, stored, or transmitted by the contractor except as specified in the contract.
