Section H 

Security Program Policy.htm

). The Certification and Accreditation Package must 

be consistent with and provide further detail for the security approach contained 

in the offeror s proposal or sealed bid that resulted in the award of this contract 

and in compliance with the requirements stated in this clause. The Certification 

and Accreditation Package, as approved by the Contracting  

Officer, in consultation with the DOC IT Security Manager, or Agency/Bureau IT 

Security Manager/Officer, shall be incorporated as part of the contract. DOC will 

use the incorporated IT Security Plan as the basis for certification and 

accreditation of the contractor system that will process DOC data or connect to 

DOC networks. Failure to submit and receive approval of the Certification and 

Accreditation Package, as outlined in DOC IT Security Program Policy, Sections 

3.4 and 3.5 (

http://home.osec.doc.gov/DOC ITSecurity Program Policy.htm

) may 

result in termination of the contract. 

(d)  

The Contractor shall incorporate this clause in all subcontracts that meet the 

conditions in paragraph (a) of this clause. 

(End of clause) 

H.16.4 CAR 1352.239 74 SECURITY PROCESSING REQUIREMENTS FOR 

CONTRACTORS/ SUBCONTRACTOR PERSONNEL FOR ACCESSING DOC 

INFORMATION TECHNOLOGY SYSTEMS 

(a) Contractor personnel requiring any access to systems operated by the Contractor for 

DOC or interconnected to a DOC network to perform contract services shall be screened 

at an appropriate level in accordance with Commerce Acquisition Manual 1337.70, 

Security Processing Requirements for Service Contracts. DOC shall provide screening 

using standard personnel screening forms, which the Contractor shall submit to the DOC 

Contracting Officer's Representative (COR) based on the following guidance: 

1) Contract personnel performing work designated Contract High Risk and 

personnel performing work designated Contract Moderate Risk in the information 

technology (IT) occupations and those with  global access  to an automated 

information system require a favorable pre employment check before the start of 

work on the contract, regardless of the expected duration of the contract. After a 

favorable pre employment check has been obtained, the Background 

Investigation (BI) for Contract High Risk and the Minimum Background 

Investigation (MBI) for Contract IT Moderate Risk positions must be initiated 

within three working days of the start of work. 

2) Contract personnel performing work designated Contract Moderate Risk who 

are not performing IT related contract work do not require a favorable pre 

employment check prior to their employment; however, the Minimum Background 

Investigation (MBI) must be initiated within three working days of the subject's 

start of work on the contract, regardless of the expected duration of the contract. 

3) Contract personnel performing work designated Contract Low Risk will require 

a National Agency Check and Inquiries (NACI) upon the subject's start of work 

on the contract if the expected duration of the contract exceeds 365 calendar 

days. The NACI must be initiated within three working days of the subject's start 

of work on the contract.  

35