Federal Awards and Data Protection Standards
Some federal awards/subawards (issued as contracts) include clauses that require additional data security.
Research that includes the receipt, or in some cases the creation, of Controlled Unclassified Information (CUI) (which includes several categories of data including Covered Defense Information (CDI) and Government-Furnished Information (GFI)) requires a consultation with the Director of Research Security and SBU's Information Security Program.
Read more about government classified and controlled unclassified information.
Contract Clauses that Require Enhanced IT and Physical Security Measures:
- 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
- 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting
- 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements
- 252.204-7020 NIST SP 800-171 DoD Assessment Requirements
- These clauses are often included with 252.204-7000 Disclosure of Information which is a prior approval publication restriction if a fundamental research determination is not granted by the U.S. federal sponsor's contracting officer.
Restrictions on Certain Telecommunications and Surveillance Equipment
Government contracting clauses that implement prohibitions from National Defense Authorization Acts. All purchases for these types of services, hardware and software must go through Procurement to ensure compliance with these regulations.
- 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities
- 52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment
- 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment
- 52.204-26 Covered Telecommunications Equipment or Services-Representation
Restriction on ByteDance Covered Applications (e.g., TikTok, Capcut, Lemon8)
Government contracting clause that restricts the use of ByteDance applications (covered applications) on information technology, university of personally owned equipment (such as computers, tablets and phones) that store, access or transmit federal contract information and data (used to any extent on a government contract).