e-CFR banner

Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

The Code of Federal Regulations (CFR) annual edition is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government produced by the Office of the Federal Register (OFR) and the Government Publishing Office.

Download the Code of Federal Regulations in XML.

Download the Electronic Code of Federal Regulations in XML.

Monthly Title and Part user viewing data for the e-CFR is available for download in CSV format.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.

[A1]

 

Electronic Code of Federal Regulations

e-CFR data is current as of April 1, 2020

Title 48Chapter 5Subchapter F → Part 539

Title 48: Federal Acquisition Regulations System

PART 539—ACQUISITION OF INFORMATION TECHNOLOGY

Contents

Subpart 539.70—Additional Requirements for Purchases Not in Support of National Security Systems

539.7000   Scope of subpart.
539.7001   Policy.
539.7002   Solicitation provisions and contract clauses.

Authority: 40 U.S.C. 121(c).

Source: 76 FR 34888, June 15, 2011, unless otherwise noted.

Subpart 539.70—Additional Requirements for Purchases Not in Support of National Security Systems

539.7000   Scope of subpart.

This subpart prescribes acquisition policies and procedures for use in acquiring information technology supplies, services and systems not in support of national security systems, as defined by FAR part 39.

539.7001   Policy.

(a) GSA must provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Section 3544(a)(1)(A)(ii) of the Federal Information Security Management Act (FISMA) describes Federal agency security responsibilities as including “information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.”

(b) Employees responsible for or procuring information technology supplies, services and systems shall possess the appropriate security clearance associated with the level of security classification related to the acquisition. They include, but are not limited to contracting officers, contract specialists, project/program managers, and contracting officer representatives.

(c) Contracting activities shall coordinate with requiring activities and program officials to ensure that the solicitation documents include the appropriate information security requirements. The information security requirements must be sufficiently detailed to enable service providers to fully understand the information security regulations, mandates, and requirements that they will be subject to under the contract or task order.

(d) GSA's Office of the Senior Agency Information Security Officer issued CIO IT Security Procedural Guide 09-48, “Security Language for Information Technology Acquisitions Efforts,” to provide IT security standards, policies and reporting requirements that shall be inserted in all solicitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at http://www.gsa.gov/portal/category/25690.

539.7002   Solicitation provisions and contract clauses.

(a) The contracting officer shall insert the provision at 552.239-70, Information Technology Security Plan and Security Authorization, in solicitations that include information technology supplies, services or systems in which the contractor will have physical or electronic access to government information that directly supports the mission of GSA.

(b) The contracting officer shall insert the clause at 552.239-71, Security Requirements for Unclassified Information Technology Resources, in solicitations and contracts containing the provision at 552.239-70. The provision and clause shall not be inserted in solicitations and contracts for personal services with individuals.

Need assistance?