Common use of CONTRACTOR ACCESS TO FEDERALLY CONTROLLED FACILITIES AND/OR UNCLASSIFIED SENSITIVE INFORMATION OR UNCLASSIFIED IT Clause in Contracts

CONTRACTOR ACCESS TO FEDERALLY CONTROLLED FACILITIES AND/OR UNCLASSIFIED SENSITIVE INFORMATION OR UNCLASSIFIED IT. SYSTEMS (NAVSUP 5252.204-9400) Homeland Security Presidential Directive (HSPD)-12, requires government agencies to develop and implement Federal security standards for Federal employees and contractors. The Deputy Secretary of Defense Directive-Type Memorandum (DTM) 08-006 – “DoD Implementation of Homeland Security Presidential Directive – 12 (HSPD-12)” dated November 26, 2008 (or its subsequent DoD instruction) directs implementation of HSPD-12. This clause is in accordance with HSPD-12 and its implementing directives. This clause applies to Seller employees requiring physical access to any area of a federally controlled base, facility or activity and/or requiring access to a DoD computer/network, to perform certain unclassified both non-sensitive and sensitive duties. It is the responsibility of the command/facility where the work is performed to ensure compliance. The requirement to control access to sensitive information applies to all US government IT systems and/or areas where unclassified but sensitive information may be discussed, displayed or maintained. DON policy prescribes that all unclassified data that has not been approved for public release and is stored on mobile computing devises must be treated as sensitive data and encrypted using commercially available encryption technology. Whenever granted access to sensitive information, Seller employees shall follow applicable DoD/DoN instructions, regulations, policies and procedures when reviewing, processing, producing, protecting, destroying and/or storing that information. Operational Security (OPSEC) procedures and practices must be implemented by both the Seller and its employees to protect the product, information, services, operations and missions related to this Order. The Seller shall designate an employee to serve as the Seller’s Security Representative. Within three work days after award, the Seller shall provide to the Navy Command’s Security Manager and the Contracting Officer through Northrop Grumman, in writing, the name, title, address and phone number for the Seller’s Security Representative. The Seller’s Security Representative shall be the primary point of contact on any security matter. The Seller’s Security Representative shall not be replaced or removed without prior notice to Northrop Grumman. NON-SENSITIVE POSITIONS Seller employee whose work is unclassified and non-sensitive (e.g., performing certain duties such as lawn maintenance, vendor services, etc ...) and who require physical access to publicly accessible areas to perform those duties shall meet the following minimum requirements: a. Must be either a US citizen or a US permanent resident with a minimum of 3 years legal residency in the US (as required by The Deputy Secretary of Defense DTM 08-006 or its subsequent DoD instruction) and b. Must have a favorably completed National Agency Check with Written Inquiries (NACI) including a Federal Bureau of Investigation (FBI) fingerprint check prior to installation access. To be considered for a favorable trustworthiness determination, the Seller’s Security Representative must submit for all employees each of the following: 1. SF-85 Questionnaire for Non-Sensitive Positions 2. Two FD-258 Applicant Fingerprint Cards 3. Original Signed Release Statements The Seller shall ensure each individual employee has a current favorably completed NACI. The Seller’s Security Representative shall be responsible for initiating reinvestigations as required. Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. SENSITIVE POSITIONS Seller employee whose duties require accessing a DoD unclassified computer/network, working with sensitive unclassified information (either at a Government or contractor facility), or physical access to a DoD facility must be a US citizen and possess a favorable trustworthiness determination prior to installation access. To obtain a favorable trustworthiness determination, each Seller employee must have a favorably completed National Agency Check with Local Credit Checks (NACLC) which consists of a NACI including a FBI fingerprint check plus credit and law enforcement checks. Each Seller employee applying for a trustworthiness determination is required to complete: 1. SF-85P Questionnaire for Public Trust Positions 2. Two FD-258 Applicant Fingerprint Cards 3. Original Signed Release Statements Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. To maintain continuing authorization for an employee to access a DoD unclassified computer/network, and/or have access to sensitive unclassified information, the Seller shall ensure that the individual employee has a current requisite background investigation. The Seller’s Security Representative shall be responsible for initiating reinvestigations as required and ensuring that background investigations remain current (not older than 10 years) throughout the performance period of this Order. IT SYSTEMS ACCESS When access to IT systems is required for performance of the Seller employee’s duties, such employees shall in-process with the Navy Command’s Security Manager and Information Assurance Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual’s performance under the Order. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The SAAR-N shall be forwarded to the Navy Command’s Security Manager at least 30 days prior to the individual’s start date. Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. When required to maintain access to required IT systems or networks, the Seller shall ensure that all employees requiring access complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. The Seller’s Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. SECURITY APPROVAL PROCESS The Seller’s Security Representative shall ensure that each individual employee pending assignment shall accurately complete the required forms for submission to the Navy Command’s Security Manager. The Seller’s Security Representative shall screen the investigative questionnaires for completeness and accuracy and for potential suitability/security issues prior to submitting the request to the Navy Command’s Security Manager. Forms and fingerprint cards may be obtained from the Navy Command’s Security Manager. These required items, shall be forwarded to the Navy Command's Security Manager for processing at least 30 days prior to the individual employee’s anticipated date for reporting for duty. The Navy Command’s Security Manager will review the submitted documentation for completeness prior to submitting it to the Office of Personnel Management (OPM). Suitability/security issues identified by the Navy Command’s Security Manager may render the contract employee ineligible for the assignment. A favorable review of the questionnaire and advance fingerprint results are required as an interim measure prior to the contract employee start date. An unfavorable determination made by the Navy Command’s Security Manager is final and such a determination does not relieve the Seller from meeting any contractual obligation under the Order. If Seller employees already possess a current favorably adjudicated investigation, the Navy Command’s Security Manager will use the Visit Authorization Request (VAR) via the Joint Personnel Adjudication System (JPAS). The Seller shall include the IT Position Category per SECNAV M-5510.30 for each employee designated on a VAR. The VAR requires annual renewal for the duration of the employee’s performance under the Order. The Navy Command’s Security Manager will forward the required forms to OPM for processing. Once the investigation is complete, the results will be forwarded by OPM to the DON Central Adjudication Facility (CAF) for a position of trust determination. When a favorable determination is not made, Seller employees shall not be permitted to work on this Order effort and if already working on the Order shall be removed immediately. THE POTENTIAL CONSEQUENCES OF ANY REQUIREMENTS UNDER THIS CLAUSE INCLUDING DENIAL OF ACCESS FOR A PROPOSED SELLER EMPLOYEE WHO FAILS TO OBTAIN A FAVORABLE TRUSTWORTHINESS DETERMINATION IN NO WAY RELIEVES THE SELLER FROM THE REQUIREMENT TO EXECUTE PERFORMANCE UNDER THE ORDER WITHIN THE TIMEFRAMES SPECIFIED IN THE ORDER. Sellers shall plan ahead in processing their employees and subcontractor employees for working in non-sensitive positions, with sensitive information, and/or on Government IT systems. The Seller shall insert this clause in all subcontracts when the subcontractor is permitted to have physical access to a federally controlled facility and/or access to a federally-controlled information system/network and/or access to government information.

CONTRACTOR ACCESS TO FEDERALLY CONTROLLED FACILITIES AND/OR UNCLASSIFIED SENSITIVE INFORMATION OR UNCLASSIFIED IT. SYSTEMS (NAVSUP 5252.204-9400) Homeland Security Presidential Directive (HSPD)-12, requires government agencies to develop and implement Federal security standards for Federal employees and contractors. The Deputy Secretary of Defense Directive-Type Memorandum (DTM) 08-006 – “DoD Implementation of Homeland Security Presidential Directive – 12 (HSPD-12)” dated November 26, 2008 (or its subsequent DoD instruction) directs implementation of HSPD-12. This clause is in accordance with HSPD-12 and its implementing directives. This clause applies to Seller employees requiring physical access to any area of a federally controlled base, facility or activity and/or requiring access to a DoD computer/network, to perform certain unclassified both non-sensitive and sensitive duties. It is the responsibility of the command/facility where the work is performed to ensure compliance. The requirement to control access to sensitive information applies to all US government IT systems and/or areas where unclassified but sensitive information may be discussed, displayed or maintained. DON policy prescribes that all unclassified data that has not been approved for public release and is stored on mobile computing devises must be treated as sensitive data and encrypted using commercially available encryption technology. Whenever granted access to sensitive information, Seller employees shall follow applicable DoD/DoN instructions, regulations, policies and procedures when reviewing, processing, producing, protecting, destroying and/or storing that information. Operational Security (OPSEC) procedures and practices must be implemented by both the Seller and its employees to protect the product, information, services, operations and missions related to this Order. The Seller shall designate an employee to serve as the Seller’s Security Representative. Within three work days after award, the Seller shall provide to the Navy Command’s Security Manager and the Contracting Officer through Northrop Grumman, in writing, the name, title, address and phone number for the Seller’s Security Representative. The Seller’s Security Representative shall be the primary point of contact on any security matter. The Seller’s Security Representative shall not be replaced or removed without prior notice to Northrop Grumman. NON-SENSITIVE POSITIONS Seller employee whose work is unclassified and non-sensitive (e.g., performing certain duties such as lawn maintenance, vendor services, etc ...) and who require physical access to publicly accessible areas to perform those duties shall meet the following minimum requirements: a. 1. Must be either a US citizen or a US permanent resident with a minimum of 3 years legal residency in the US (as required by The Deputy Secretary of Defense DTM 08-006 or its subsequent DoD instruction) and b. 2. Must have a favorably completed National Agency Check with Written Inquiries (NACI) including a Federal Bureau of Investigation (FBI) fingerprint check prior to installation access. To be considered for a favorable trustworthiness determination, the Seller’s Security Representative must submit for all employees each of the following: 1. SF-85 Questionnaire for Non-Sensitive Positions 2. Two FD-258 Applicant Fingerprint Cards 3. Original Signed Release Statements The Seller shall ensure each individual employee has a current favorably completed NACI. The Seller’s Security Representative shall be responsible for initiating reinvestigations as required. Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. SENSITIVE POSITIONS Seller employee whose duties require accessing a DoD unclassified computer/network, working with sensitive unclassified information (either at a Government or contractor facility), or physical access to a DoD facility must be a US citizen and possess a favorable trustworthiness determination prior to installation access. To obtain a favorable trustworthiness determination, each Seller employee must have a favorably completed National Agency Check with Local Credit Checks (NACLC) which consists of a NACI including a FBI fingerprint check plus credit and law enforcement checks. Each Seller employee applying for a trustworthiness determination is required to complete: 1. SF-85P Questionnaire for Public Trust Positions 2. Two FD-258 Applicant Fingerprint Cards 3. Original Signed Release Statements Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. To maintain continuing authorization for an employee to access a DoD unclassified computer/network, and/or have access to sensitive unclassified information, the Seller shall ensure that the individual employee has a current requisite background investigation. The Seller’s Security Representative shall be responsible for initiating reinvestigations as required and ensuring that background investigations remain current (not older than 10 years) throughout the performance period of this Order. IT SYSTEMS ACCESS When access to IT systems is required for performance of the Seller employee’s duties, such employees shall in-process with the Navy Command’s Security Manager and Information Assurance Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual’s performance under the Order. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The SAAR-N shall be forwarded to the Navy Command’s Security Manager at least 30 days prior to the individual’s start date. Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. When required to maintain access to required IT systems or networks, the Seller shall ensure that all employees requiring access complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. The Seller’s Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. SECURITY APPROVAL PROCESS The Seller’s Security Representative shall ensure that each individual employee pending assignment shall accurately complete the required forms for submission to the Navy Command’s Security Manager. The Seller’s Security Representative shall screen the investigative questionnaires for completeness and accuracy and for potential suitability/security issues prior to submitting the request to the Navy Command’s Security Manager. Forms and fingerprint cards may be obtained from the Navy Command’s Security Manager. These required items, shall be forwarded to the Navy Command's Security Manager for processing at least 30 days prior to the individual employee’s anticipated date for reporting for duty. The Navy Command’s Security Manager will review the submitted documentation for completeness prior to submitting it to the Office of Personnel Management (OPM). Suitability/security issues identified by the Navy Command’s Security Manager may render the contract employee ineligible for the assignment. A favorable review of the questionnaire and advance fingerprint results are required as an interim measure prior to the contract employee start date. An unfavorable determination made by the Navy Command’s Security Manager is final and such a determination does not relieve the Seller from meeting any contractual obligation under the Order. If Seller employees already possess a current favorably adjudicated investigation, the Navy Command’s Security Manager will use the Visit Authorization Request (VAR) via the Joint Personnel Adjudication System (JPAS). The Seller shall include the IT Position Category per SECNAV M-5510.30 for each employee designated on a VAR. The VAR requires annual renewal for the duration of the employee’s performance under the Order. The Navy Command’s Security Manager will forward the required forms to OPM for processing. Once the investigation is complete, the results will be forwarded by OPM to the DON Central Adjudication Facility (CAF) for a position of trust determination. When a favorable determination is not made, Seller employees shall not be permitted to work on this Order effort and if already working on the Order shall be removed immediately. THE POTENTIAL CONSEQUENCES OF ANY REQUIREMENTS UNDER THIS CLAUSE INCLUDING DENIAL OF ACCESS FOR A PROPOSED SELLER EMPLOYEE WHO FAILS TO OBTAIN A FAVORABLE TRUSTWORTHINESS DETERMINATION IN NO WAY RELIEVES THE SELLER FROM THE REQUIREMENT TO EXECUTE PERFORMANCE UNDER THE ORDER WITHIN THE TIMEFRAMES SPECIFIED IN THE ORDER. Sellers shall plan ahead in processing their employees and subcontractor employees for working in non-sensitive positions, with sensitive information, and/or on Government IT systems. The Seller shall insert this clause in all subcontracts when the subcontractor is permitted to have physical access to a federally controlled facility and/or access to a federally-controlled information system/network and/or access to government information.