SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The state agency must comply with the applicable provisions of FISMA, the applicable Office of Management and Budget (OMB) memoranda, and the applicable guidelines of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Federal Information Systems and Organizations, September 2020, updated December 10, 2020; HHS Policy for Information Security and Privacy Protection, November 2021; and the Automated Systems for Child Support Enforcement: A Guide for States, updated 2017 (Federal Certification Guide). The following requirements are drawn from these statutes, regulations, and guidelines. The HHS Policy for Information Security and Privacy Protection can be shared with a state agency upon request. The security requirements with which the state agency must comply are presented in three categories: management, operational, and technical. The state agency must also comply with additional requirements: Cloud Solution (optional for cloud environments), Retention and Disposition Requirements, Breach Reporting and Notification Responsibility, Security Certification, and Audit Requirements.
Appears in 1 contract
Sources: Security Agreement
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The state CS agency shall comply with the applicable provisions of the FISMA, the applicable OMB memoranda, and the applicable guidelines of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, updated January 22, 2015; HHS-OCIO Policy for Information Systems Security and Privacy (IS2P) and the Automated Systems for Child Support Enforcement: A Guide for States 2017 (Federal Certification Guide). The following requirements are drawn from these statutes, regulations, and guidelines. The HHS Information Security and Privacy Policy (IS2P) can be shared with a state child support agency upon request. The security requirements with which the state CS agency shall comply are presented in three categories: management, operational, and technical. The state CS agency shall also comply with additional requirements: Cloud solution (optional for cloud environments), Retention and Disposition Requirements; Breach Reporting and Notification Responsibility; Security Certification; and Audit Requirements.
Appears in 1 contract
Sources: Security Agreement