|Skip left side navigation and go to content||
NHLBI Information Technology Security Policies, Forms and Procedures for Contracts
DHHS requires employees and contractors to protect the Department's data by complying with the HHS Information Security Program Policy. NHLBI as part of NIH and DHHS is subject to these requirements.
Contract staff with access to computer systems should have annual computer security awareness training. NIH has an excellent Web-based course, NIH Computer Security Awareness Training that can be used to fulfill this requirement.
Contractor IT staff working on federal contracts hold Public Trust positions and must have background investigations at the appropriate level. A brief outline of the clearance process is given below, along with links to sample filled-out forms. Links to additional information about OPM investigations and clearances are provided at the end of this document.
The requirement for background investigations applies only to applicable contractors. Offerors are not required to obtain background investigations to submit a proposal. Refer to Section L of the RFP to determine if security investigations will be required for any contract resulting from an award.
The Project Officer and Information Systems Security Officer (ISSO) determine which contract employees need background investigations and level of clearance needed. The Contracting Officer will inform the contractor which positions require background investigations and the levels for each, and request a contact e-mail address and phone number for each person who needs a background investigation. Contract employees will receive further instructions via email from the NIH Division of Personnel Security and Access Control (DPSAC). Contract employees must use the web application e-QIP, to complete the forms, except for the Fingerprint Card.
Level 1. The following forms are required for each contract employee assigned to a Level 1, low sensitivity position:
Level 5 and 6. The following forms are required for each contract employee assigned to a Level 5 moderate and 6 high sensitivity position:
* Contractors in the Bethesda, Maryland area can obtain digital fingerprints from the NIH Police. Fingerprint cards are not needed for digital fingerprints.
If you have questions about the process, you may e-mail the appropriate ISSO
A System Security Plan (SSP) is required when the overall sensitivity and criticality level is moderate or greater; however, there may be instances when a SSP is required when the sensitivity and criticality levels are low. Contractors must use the NIH System Security Plan (SSP) Outline (FIPS 200 - Extended version).
Last updated: March 4, 2009