NASA Security Requirements for Unclassified IT Resources Valerie Seaquist 23 Jan 2002 09:43 EST

Good Morning --

Have any of you accepted NASA or NASA pass-through contract clauses
containing the relatively new NASA FAR clause 1852.204-75, "Security
Requirements for Unclassified Information Technology Resources" (July 2001)?
If the clause is applicable to your level of contact with NASA IT resources,
you may be required to develop an Information Technology Security Plan which
NASA must approve; limit personnel access to the NASA IT resources (develop
a screening program to include fingerprinting, questionnaires, name checks);
and give NASA access to your facilities, documentation, databases and
personnel. Maybe I'm becoming unnecessarily concerned but this seems a bit
excessive for unclassified data.

Has anyone out there developed a plan & procedure they would be willing to
share or advice on the process? Thank you.

Val Seaquist
Office of Research Administration
The University of Alabama in Huntsville

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================