NHLBI Information Technology Security Policies, Forms and Procedures for Contracts
DHHS requires employees and contractors to protect the Department's data by complying with the HHS Information Security Program Policy. NHLBI, as part of NIH and DHHS, is subject to these requirements.
- Contract employees should have annual security awareness training.
- Designated contractor IT staff must apply for a Public Trust Suitability Determination (personnel security clearance).
- The contractor may be required to submit a System Security Plan.
1. Security Awareness Training
Contract staff with access to computer systems should have annual computer security awareness training. NIH has an excellent Web-based course, NIH Computer Security Awareness Training, that can be used to fulfill this requirement.
2. Security Clearances
All contractor IT staff working on federal contracts hold Public Trust positions and must have security investigations at the appropriate level. A brief outline of the clearance process is given below, along with links to sample filled-out forms. Links to additional information about OPM investigations and clearances are provided at the end of this document.
The requirement for security investigations applies only to applicable contractors. Offerors are not required to obtain background investigations to submit a proposal. Refer to Section L of the RFP to determine if security investigations will be required for any contract resulting from an award.
Personnel Security Clearance Process
The Project Officer and Information Systems Security Officer (ISSO) determine which contract employees need background investigations and the level of clearance needed. The Contracting Officer will inform the contractor which positions require security investigations and the levels for each, and request a contact e-mail address and phone number for each person who needs a background investigation. Contract employees will receive further instructions via e-mail from the Security Investigation Reviewer. Contract employees must use the web application e-QIP to complete the forms, except for the Fingerprint Card.
Personnel Security Investigation Forms
Level 1C. The following forms are required for each contract employee assigned to a Level 1C position:
- SF 85–Questionnaire for Non-Sensitive Positions
- OF 306 Declaration for Federal Employment
- FD 258 Fingerprint Card*
- Current Resumé
Level 5C and 6C. The following forms are required for each contract employee assigned to a Level 5C or 6C position:
- SF 85P–Questionnaire for Public Trust Positions
- DHHS Credit Release Form
- OF 306 Declaration for Federal Employment
- FD 258 Fingerprint Card*
- Current Resumé
* Contractors in the Bethesda, Maryland area can obtain digital fingerprints from the NIH Police. Fingerprint cards are not needed for digital fingerprints.
If you have questions about the process, you may e-mail the appropriate ISSO.
Additional information about investigations and clearances:
3. Systems Security Plan
A System Security Plan (SSP) is required when the overall sensitivity and criticality level is moderate or greater; however, there may be instances when an SSP is required even though the sensitivity and criticality levels are low. Contractors must use the NIH Application/System Security Plan Template.
Last updated: February 07, 2007