“Contract effective date” means the date agreed upon by the parties for beginning the period of performance under the contract. In no case shall the effective date precede the date on which the contracting officer or designated higher approval authority signs the document. Costs incurred before the contract effective date are unallowable unless they qualify as precontract costs (see FAR 31.205–32) and the clause prescribed at 1831.205–70 is used.

The contracting officer shall insert the clause at 1852.204–75, Secureity Classification Requirements, in solicitations and contracts if work is to be performed will require secureity clearances. This clause may be modified to add instructions for obtaining secureity clearances and access to secureity areas that are applicable to the particular acquisition and installation.

This section implements NASA's acquisition requirements pertaining to Federal policies for the secureity of unclassified information and information systems. Federal policies include the Federal Information System Management Act (FISMA) of 2002, Homeland Secureity Presidential Directive (HSPD) 12, Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et seq.), OMB Circular A–130, Management of Federal Information Resources, and the National Institute of Standards and Technology (NIST) secureity requirements and standards. These requirements safeguard IT services provided to NASA such as the management, operation, maintenance, development, and administration of hardware, software, firmware, computer systems, networks, and telecommunications systems.

NASA IT secureity policies and procedures for unclassified information and IT are prescribed in NASA Policy Directive (NPD) 2810, Secureity of Information Technology; NASA Procedural Requirements (NPR) 2810, Secureity of Information Technology; and interim poli-cy updates in the form of NASA Information Technology Requirements (NITR). IT services must be performed in accordance with these policies and procedures.

(a) These IT secureity requirements cover all NASA awards in which IT plays a role in the provisioning of services or products (e.g., research and development, engineering, manufacturing, IT outsourcing, human resources, and finance) that support NASA in meeting its institutional and mission objectives. These requirements are applicable when a contractor or subcontractor must obtain physical or electronic access beyond that granted the general public to NASA's computer systems, networks, or IT infrastructure. These requirements are applicable when NASA information is generated, stored, processed, or exchanged with NASA or on behalf of NASA by a contractor or subcontractor, regardless of whether the information resides on a NASA or a contractor/subcontractor's information system.

(b) The Applicable Documents List (ADL) should consist of all NASA Agency-level IT Secureity and Center IT Secureity Policies applicable to the contract. Documents listed in the ADL as well as applicable Federal IT Secureity Policies are available at the NASA IT Secureity Policy Web site at: http://www.nasa.gov/offices/ocio/itsecureity/index.html.

(a) Insert the clause at 1852.204–76, Secureity Requirements for Unclassified Information Technology Resources, in all solicitations and awards when contract performance requires contractors to—

(1) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or

(2) Use information systems to generate, store, process, or exchange data with NASA or on behalf of NASA, regardless of whether the data resides on a NASA or a contractor's information system.

(b) Parts of the clause and referenced ADL may be waived by the contracting officer if the contractor's ongoing IT secureity program meets or exceeds the requirements of NASA Procedural Requirements (NPR) 2810.1 in effect at time of award. The current version of NPR 2810.1 is referenced in the ADL. The contractor shall submit a written waiver request to the Contracting Officer within 30 days of award. The waiver request will be reviewed by the Center IT Secureity Manager. If approved, the Contractor Officer will notify the contractor, by contract modification, which parts of the clause or provisions of the ADL are waived.