PART 3004—ADMINISTRATIVE MATTERS
Authority: 5 U.S.C. 301–302, 41 U.S.C. 1707, 41 U.S.C. 1702, 41 U.S.C. 1303(a)(2), 48 CFR part 1, subpart 1.3, and DHS Delegation Number 0702.
Source: 68 FR 67871, Dec. 4, 2003, unless otherwise noted.
Subpart 3004.1—Contract Execution
Subpart 3004.4—Safeguarding Classified and Controlled Unclassified Information Within Industry
Subpart 3004.8—Government Contract Files
3004.804 Closeout of contract files.
Subpart 3004.1—Contract Execution
3004.103 Contract clause.
Insert the clause at (FAR) 48 CFR 52.204–1, Approval of Contract, in each solicitation where approval to award the resulting contract is required above the contracting officer level.
Subpart 3004.4—Safeguarding Classified and Controlled Unclassified Information Within Industry
Source: 88 FR 40597, June 21, 2023, unless otherwise noted.
3004.470-1 Scope.
This section implements DHS policies for assuring adequate security of unclassified facilities, information resources, and controlled unclassified information (CUI) during the acquisition lifecycle.
3004.470-2 Definitions.
As used in this subpart—
Incident means an occurrence that—
(1) Actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or
(2) Constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
3004.470-3 Policy.
(a) DHS requires that CUI be safeguarded when it resides on DHS-owned and operated information systems, DHS-owned and contractor-operated information systems, contractor-owned and/or operated information systems operating on behalf of the Department, and any situation where contractor and/or subcontractor employees may have access to CUI because of their relationship with DHS. There are several Department policies and procedures (accessible at https://www.dhs.gov/dhs-security-and-training-requirements-contractors) that also address the safeguarding of CUI. Compliance with these policies and procedures, as amended, is required.
(b) DHS requires contractor employees that require recurring access to government facilities or access to CUI to complete such forms as may be necessary for security or other reasons, including the conduct of background investigations to determine fitness. Department policies and procedures that address contractor employee fitness are contained in Instruction Handbook Number 121–01–007, The Department of Homeland Security Personnel Suitability and Security Program. Compliance with these policies and procedures, as amended, is required.
3004.470-4 Contract clauses.
(a) Contracting officers shall insert the basic clause at (HSAR) 48 CFR 3052.204–71, Contractor Employee Access, in solicitations and contracts when contractor and/or subcontractor employees require recurring access to government facilities or access to CUI. Contracting officers shall insert the basic clause with its Alternate I for acquisitions requiring contractor access to government information resources. For acquisitions in which contractor and/or subcontractor employees will not have access to government information resources, but the department has determined contractor and/or subcontractor employee access to CUI or government facilities must be limited to U.S. citizens and lawful permanent residents, the contracting officer shall insert the clause with its Alternate II. Neither the basic clause nor its alternates shall be used unless contractor and/or subcontractor employees will require recurring access to government facilities or access to CUI. Neither the basic clause nor its alternates should ordinarily be used in contracts with educational institutions.
(b)
(1) Contracting officers shall insert the clause at (HSAR) 48 CFR 3052.204–72, Safeguarding of Controlled Unclassified Information, in solicitations and contracts where:
(i) Contractor and/or subcontractor employees will have access to CUI; or
(ii) CUI will be collected or maintained on behalf of the agency.
(2) Contracting officers shall insert the basic clause with its alternate when Federal information systems, which include contractor information systems operated on behalf of the agency, are used to collect, process, store, or transmit CUI.
(c) Contracting officers shall insert the clause at (HSAR) 48 CFR 3052.204–73, Notification and Credit Monitoring Requirements for Personally Identifiable Information Incidents, in solicitations and contracts where contractor and/or subcontractor employees have access to PII.
Subpart 3004.8—Government Contract Files
3004.804 Closeout of contract files.
3004.804-5 Procedures for closing out contract files.
3004.804-570 Supporting closeout documents.
(a) When applicable and prior to contract closure, the contracting officer shall obtain the listed DHS and Department of Defense (DOD) forms from the contractor for closeout.
(1) DHS Form 700–3, Contractor's Release (e.g., see (FAR) 48 CFR 52.216–7);
(2) DHS Form 700–2, Contractor's Assignment of Refunds, Rebates, Credits and Other amounts (e.g., see (FAR) 48 CFR 52.216–7);
(3) DHS Form 700–1, Cumulative Claim and Reconciliation Statement (e.g., see (FAR) 48 CFR 4.804–5(a)(13)); and
(4) DD Form 882, Report of Inventions and Subcontracts (e.g., see (FAR) 48 CFR 52.227–14).
(b) The forms listed in this section (see (HSAR) 48 CFR part 3053) are used primarily for the closeout of cost-reimbursement, time-and-materials, and labor-hour contracts. The forms may also be used for closeout of other contract types to protect the Government's interest.