NHLBI Information Technology Security Policies,
Forms and Procedures for Contracts

DHHS requires employees and contractors to protect the Department's data by complying with the HHS Information Security Program Policy. NHLBI, as part of NIH and DHHS, is subject to these requirements.

  1. Contract employees should have annual security awareness training.
  2. Designated contractor IT staff must apply for a Public Trust Suitability Determination (personnel security clearance).
  3. The contractor may be required to submit a System Security Plan.

1. Security Awareness Training

Contract staff with access to computer systems should have annual computer security awareness training. NIH has an excellent Web-based course, NIH Computer Security Awareness Training, that can be used to fulfill this requirement.

2. Security Clearances

All contractor IT staff working on federal contracts hold Public Trust positions and must have security investigations at the appropriate level. A brief outline of the clearance process is given below, along with links to sample filled-out forms.  Links to additional information about OPM investigations and clearances are provided at the end of this document.

The requirement for security investigations applies only to applicable contractors. Offerors are not required to obtain background investigations to submit a proposal. Refer to Section L of the RFP to determine if security investigations will be required for any contract resulting from an award.

Personnel Security Clearance Process

The Project Officer and Information Systems Security Officer (ISSO) determine which contract employees need background investigations and the level of clearance needed. The Contracting Officer will inform the contractor which positions require security investigations and the levels for each, and request a contact e-mail address and phone number for each person who needs a background investigation. Contract employees will receive further instructions via e-mail from the Security Investigation Reviewer. Contract employees must use the web application e-QIP to complete the forms, except for the Fingerprint Card.

Personnel Security Investigation Forms

Level 1C. The following forms are required for each contract employee assigned to a Level 1C position:

Level 5C and 6C. The following forms are required for each contract employee assigned to a Level 5C & 6C position:

* Contractors in the Bethesda, Maryland area can obtain digital fingerprints from the NIH Police. Fingerprint cards are not needed for digital fingerprints.

If you have questions about the process, you may e-mail the appropriate ISSO.

Additional information about investigations and clearances:

3. Systems Security Plan

A System Security Plan (SSP) is required when the overall sensitivity and criticality level is moderate or greater; however, there may be instances when an SSP is required when the sensitivity and criticality levels are low. Contractors must use the Microsoft Word document NIH Application/System Security Plan Template.

Last updated: February 07, 2007
