Previous Page Next Page Prior Version PDF Version Table of Content DFARS Home Page

subpart 239.71--security and privacy for computer systems

 

 



 239.7100 Scope of subpart.
 239.7101 General.
 239.7102 Security against compromising emanations.
 239.7102-1 General.
 239.7102-2 Validation of TEMPEST compliance.
 239.7102-3 Contract clause.


239.7100  Scope of subpart.

This subpart applies to all acquisitions for computer systems.  It covers both security and Privacy Act considerations.

 

239.7101  General.

Security requirements are in addition to provisions concerning protection of privacy of individuals (see FAR Subpart 24.1).

 

239.7102  Security against compromising emanations.

 

239.7102-1  General.

 

      (a)  The National Security or Atomic Energy Acts, as amended, may require protection of information that is—

 

              (1)  Processed;

 

              (2)  Transmitted;

 

              (3)  Stored;

 

              (4)  Retrieved; or

 

              (5)  Displayed.

 

      (b)  When acquiring computer equipment to be used to process classified information, the contracting officer shall obtain from the requiring activity—

 

              (1)  A determination as to whether the equipment must provide protection against compromising emanations; and

 

              (2)  Identification of an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by other authority.

 

      (c)  When contracts will require the use of FIP resources involving classified data, programs, etc., the contracting officer shall obtain from the requiring activity—

 

              (1)  Advice to whether to require contractors performing these services to use equipment meeting the requirements in paragraph (a) of this subsection (as prescribed in the clause at 252.239-7000, Protection Against Compromising Emanations;

 

              (2)  Information concerning any requirement for marking of TEMPEST-certified equipment (especially if to be reused); and

 

              (3)  Information on how to validate TEMPEST equipment compliance with required standards.

 

239.7102-2  Validation of TEMPEST compliance.

Include requirements for validation of TEMPEST compliance in Section E (Inspection and Acceptance) of the contract.

 

239.7102-3  Contract clause.

When contracting for computer equipment or systems that are to be used to process classified information, use the clause at 252.239-7000, Protection Against Compromising Emanations.

 

 

 


Previous Page Next Page Prior Version PDF Version Table of Content DFARS Home Page