HHS-Controlled Facilities and Information Systems Security Sample Clauses

The HHS-Controlled Facilities and Information Systems Security clause establishes requirements for safeguarding the physical and digital assets managed by the Department of Health and Human Services (HHS). It typically mandates that contractors or personnel accessing HHS facilities or information systems adhere to specific security protocols, such as background checks, access controls, and compliance with federal cybersecurity standards. This clause ensures that sensitive government data and infrastructure are protected from unauthorized access or breaches, thereby mitigating risks to public health information and maintaining regulatory compliance.
HHS-Controlled Facilities and Information Systems Security a. To perform the work specified herein, Contractor personnel are expected to have routine (1) physical access to an HHS-controlled facility; (2) physical access to an HHS-controlled information system; (3) access to sensitive HHS data or information, whether in an HHS-controlled information system or in hard copy; or (4) any combination of circumstances (1) through (3). b. To gain routine physical access to an HHS-controlled information system, and/or access to sensitive data or information, the Contractor and its employees shall comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; Office of Management and Budget Memorandum (M-05– 24); and Federal Information Processing Standards Publication (FIPS PUB) Number 201; and with the personal identity verification and investigations procedures contained in the following documents:
View SourceView Similar (12)
HHS-Controlled Facilities and Information Systems Security a. To perform the work specified herein, Contractor personnel are expected to have routine (1) physical access to an HHS-controlled facility; (2) physical access to an HHS-controlled information system; (3) access to sensitive HHS data or information, whether in an HHS-controlled information system or in hard copy; or (4) any combination of circumstances (1) through (3). b. To gain routine physical access to an HHS-controlled information system, and/or access to sensitive data or information, the Contractor and its employees shall comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; Office of Management and Budget Memorandum (M-05-24); and Federal Information Processing Standards Publication (FIPS PUB) Number 201; and with the personal identity verification and investigations procedures contained in the following documents: 1. HHS Information Security Program Policy (▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/about/agencies/asa/ocio/cybersecurity/index.html) 2. HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook, dated February 1, 2005 (▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/4docs/HHS- NatnlSecInfoManual_2005.pdf) 3. HHS HSPD-12 Policy Document, v. 2.0 (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/sites/▇▇▇▇▇▇▇▇▇▇.▇▇▇/files/omb/memoranda/2005/m 05-24.pdf)
View SourceView Similar (8)
HHS-Controlled Facilities and Information Systems Security a. To perform the work specified herein, Contractor personnel are expected to have routine (1) physical access to an HHS-controlled facility; (2) physical access to an HHS-controlled information system; (3) access to sensitive HHS data or information, whether in an HHS-controlled information system or in hard copy; or (4) any combination of circumstances (1) through (3). b. To gain routine physical access to an HHS-controlled information system, and/or access to sensitive data or information, the Contractor and its employees shall comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; Office of Management and Budget Memorandum (M-05-24); and Federal Information Processing Standards Publication (FIPS PUB) Number 201; and with the personal identity verification and investigations procedures contained in the following documents: 1. HHS Information Security Program Policy (▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/ocio/policy/hhs- ocio-2011-0003.html) 2. HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook, dated February 1, 2005 (▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/security/ossi/documents/pssh.pdf) 3. HHS HSPD-12 Policy Document, v. 2.0 (▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/sites/default/files/omb/assets/omb/memoranda/fy200 5/m05-24.pdf) 4. Information regarding background checks/badges (▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇.▇▇▇/background/index.asp) c. Position Sensitivity Levels: The BPA Call will entail the following position sensitivity levels:  Level 6: Public Trust - High Risk. Contractor/subcontractor employees assigned to Level 6 positions shall undergo a Suitability Determination and Background Investigation (MBI).  Level 5: Public Trust - Moderate Risk. Contractor/subcontractor employees assigned to Level 5 positions with no previous investigation and approval shall undergo a Suitability Determination and a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI).  Level 1: Non-Sensitive. Contractor/subcontractor employees assigned to Level 1 positions shall undergo a Suitability Determination and National Check and Inquiry Investigation (NACI). d. The personnel investigation procedures for Contractor personnel require that (upon award) the Contractor prepare and submit background check/investigation forms based on the type of investigation required. The minimum Government investigation for a non-sensitive position is a National Agency Check and Inquiries (NACI) wit...
View SourceView Similar (4)

Related to HHS-Controlled Facilities and Information Systems Security

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Data and Information 14.1 The Contractor shall have the right to use, and shall have access to, all geological, geophysical, drilling, well production, well location maps and other information held by the Republic related to the Contract Area in consideration of the payment of the required fees. 14.2 The Contractor shall promptly provide the Minister, free of cost, with all data obtained as a result of Hydrocarbons Operations under this Contract, including seismic data, geological, geophysical, geochemical, petro-physical, engineering, well logs, maps, magnetic tapes, cores, cuttings and production data, as well as all interpretative and derivative data, including reports, analyses, interpretations and evaluations prepared in respect of Hydrocarbons Operations. 14.3 The Republic shall have title to all original data and information resulting from Hydrocarbons Operations under this Contract, including but not limited to geological, geophysical, petro-physical and engineering data, well logs and completion status reports, and any other data that the Contractor or anyone acting on its behalf may compile or obtain during the term of this Contract. The Contractor is entitled to retain and use a copy of all such data, subject to the provisions of this Article 14. 14.4 The Contractor acknowledges the proprietary rights of the Republic in all data and information referred to in this Article 14 and agrees to treat all such data and information as confidential and to comply with applicable laws and regulations with respect to the storage and any transport or export out of the Republic of any such data and information. 14.5 The Contractor may disclose such information to its employees to the extent required for efficient conduct of Hydrocarbons Operations, provided such individuals have signed or otherwise be subject to an undertaking relating to the confidentiality of the same information as part of their employment contract, or to Affiliates and consultants, or to bona fide prospective assignees of rights under this Contract or to banks or financial institutions from which finance is sought, provided that the Contractor obtains from such entities, prior to disclosure, a written confidentiality undertaking. In the case of disclosure to prospective assignees, any disclosure of such information shall require the prior written consent of the Minister, which consent shall not be unreasonably withheld. 14.6 The Contractor may disclose information as and to the extent required by a regulatory or judicial authority having proper jurisdiction over the Contractor, provided that the Minister is first notified of such disclosure and of the information so disclosed. 14.7 The Contractor’s obligation of confidentiality under this Article shall be of a continuing nature and shall not be cancelled by the expiration, suspension or termination of this Contract, or by any transfer or assignment of interest under this Contract.

  • ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.

  • Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.

  • Information Systems The Customer is aware that vehicles manufactured, supplied or marketed by a company within the Volvo Group are equipped with one or more systems which may gather and store information about the vehicle (the “Information Systems”), including but not limited to information relating to vehicle condition and performance and information relating to the operation of the vehicle (together, the “Vehicle Data”). The Customer agrees not to interfere with the operation of the Information System in any way.