1. CLEARANCE AND SAFEGUARDING DEPARTMENT OF DEFENSE CONTRACT SECURITY CLASSIFICATION SPECIFICATION a. FACILITY CLEARANCE REQUIRED b. LEVEL OF SAFEGUARDING REQUIRED Print TOP SECRET (The requirements of the DoD Industrial Security Manual apply to all security aspects of this effort.) SECRET 2. THIS SPECIFICATION IS FOR: (X and complete as applicable) 3. THIS SPECIFICATION IS: (X and complete as applicable) a. PRIME CONTRACT NUMBER a. ORIGINAL (Complete date in all cases) b. SUBCONTRACT NUMBER c. SOLICITATION OR OTHER NUMBER DUE DATE (YYYYMMDD) 4. IS THIS A FOLLOW-ON CONTRACT? YES REVISION NO. 3 c. FINAL (Complete Item 5 in all cases) 20140916 DATE (YYYYMMDD) 20161212 DATE (YYYYMMDD) NO. If Yes, complete the following: Classified material received or generated under 5. IS THIS A FINAL DD FORM 254? b. REVISED (Supersedes all previous specs) DATE (YYYYMMDD) (Preceding Contract Number) is transferred to this follow-on contract. YES In response to the contractor's request dated NO. If Yes, complete the following:, retention of the classified material is authorized for the period of 6. CONTRACTOR (Include Commercial and Government Entity (CAGE) Code) a. NAME, ADDRESS, AND ZIP CODE b. CAGE CODE Cisco systems, Inc P.O. Box 1084 Columbia, MD 21044 1SM79 c. COGNIZANT SECURITY OFFICE (Name, Address, and Zip Code) Defense Security Service (DSS) 7556 Teague Road, Suite 580 Hanover, MD 21076 7. SUBCONTRACTOR a. NAME, ADDRESS, AND ZIP CODE b. CAGE CODE c. COGNIZANT SECURITY OFFICE (Name, Address, and Zip Code) b. CAGE CODE c. COGNIZANT SECURITY OFFICE (Name, Address, and Zip Code) 8. ACTUAL PERFORMANCE a. LOCATION Army CIO/G6 Security 5850 23rd St. Bldg 220 Ft. Belvoir, VA 22060 See block 13 9. GENERAL IDENTIFICATION OF THIS PROCUREMENT Cisco Combined Services SMARTNet support, Advanced Services support, Classified Network Support (CNS) on all DoD owned Cisco hardware and software globally. 10. CONTRACTOR WILL REQUIRE ACCESS TO: YES NO 11. IN PERFORMING THIS CONTRACT, THE CONTRACTOR WILL: a. a. COMMUNICATIONS SECURITY (COMSEC) INFORMATION b. RESTRICTED DATA b. RECEIVE CLASSIFIED DOCUMENTS ONLY c. CRITICAL NUCLEAR WEAPON DESIGN INFORMATION c. RECEIVE AND GENERATE CLASSIFIED MATERIAL d. FORMERLY RESTRICTED DATA d. FABRICATE, MODIFY, OR STORE CLASSIFIED HARDWARE INTELLIGENCE INFORMATION e. PERFORM SERVICES ONLY e. (1) Sensitive Compartmented Information (SCI) (2) Non-SCI f. HAVE ACCESS TO U.S. CLASSIFIED INFORMATION OUTSIDE THE U.S., PUERTO RICO, U.S. POSSESSIONS AND TRUST TERRITORIES g. BE AUTHORIZED TO USE THE SERVICES OF DEFENSE TECHNICAL INFORMATION CENTER (DTIC) OR OTHER SECONDARY DISTRIBUTION CENTER SPECIAL ACCESS INFORMATION h. REQUIRE A COMSEC ACCOUNT g. NATO INFORMATION i. HAVE TEMPEST REQUIREMENTS h. FOREIGN GOVERNMENT INFORMATION j. HAVE OPERATIONS SECURITY (OPSEC) REQUIREMENTS i. LIMITED DISSEMINATION INFORMATION k. BE AUTHORIZED TO USE THE DEFENSE COURIER SERVICE j. FOR OFFICIAL USE ONLY INFORMATION l. OTHER (Specify) f. k. OTHER (Specify) NIPRNET, SIPRNET ACCESS, JWICS, NSANET and DREN DD FORM 254, DEC 1999 YES NO HAVE ACCESS TO CLASSIFIED INFORMATION ONLY AT ANOTHER CONTRACTOR'S FACILITY OR A GOVERNMENT ACTIVITY IT-1 Access required PREVIOUS EDITION IS OBSOLETE. Reset
Prime Rev3 Cisco 6-17-17 12. PUBLIC RELEASE. Any information (classified or unclassified) pertaining to this contract shall not be released for public dissemination except as provided by the Industrial Security Manual or unless it has been approved for public release by appropriate U.S. Government authority. Proposed public releases shall be submitted for approval prior to release Direct Through (Specify) NO Public Release is Authorized. Public Release of SCI/SAP is not authorized to the Directorate for Freedom of Information and Security Review, Office of the Assistant Secretary of Defense (Public Affairs)* for review. *In the case of non-dod User Agencies, requests for disclosure shall be submitted to that agency. 13. SECURITY GUIDANCE. The security classifiection guidance needed for this classified effort is identified below. If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended changes; to challenge the guidance or the classification assigned to any information or material furnished or generated under this contract; and to submit any questions for interpretation of this guidance to the official identified below. Pending final decision, the information involved shall be handled and protected at the highest level of classification assigned or recommended. (Fill in as appropriate for the classified effort. Attach, or forward under separate correspondence, any documents/guides/extracts referenced herein. Add additional pages as needed to provide complete guidance.) Period of Performance: 18 June 2016 to 17 June 2017 Ref 10a. COMSEC- Contractor is authorized to receive Government furnished cryptographic equipment. Access to classified COMSEC information requires a final Government clearance at the appropriate level. Further disclosure of COMSEC information by a contractor, to include subcontracting, requires proper approval pf the Government contracting activity. Non-accountable COMSEC information, though not tracked in the COMSEC material control systems, may still require a level of control within a document control system. Refer to NSA CSS Manual 3-16, Control of Communications Security Materia l, Page E-4 for guidance. Ref 10e(1)- this contract requires access to SCI. a. The number of personnel required to have access to SCI is determined by the COR/TM and the DISA SSO. b. The Director, Defense Intelligence Agency (DIA) and Director, Defense Information Systems Agency (DISA), as the executive agent for DIA, have exclusive security responsibility for SCI released to the contractor or developed under this contract. c. Contractor generated or Government furnished material may not be provided to the Defense Technical Information Center. Contract generated technical reports will the statement Not Releasable to the Defense Technical Information Center per DoD Instruction 5230.24. d. All contractor personnel requiring access to SCI information must be: U.S. citizens, have been granted a final ICD 704 security clearance by the U.S. Government, and have been indoctrinated for the applicable for the applicable compartments of SCI access prior to being given any access to such information released or generated under the contract. e. Classified material released or generated under this contract is not releasable to foreign national without the expressed written permission of the Director, DISA (through the DISA SSO) and Director, DIA. f. SCI received under this contract may not be released to subcontractors without permission of the DISA SSO. Ref 10 e (2)- the contractor will abide by DCID 6/6 (formerly 1/7), Security Controls on the Dissemination of Intelligence Information, 11 July 2001. Provided under separate cover. Yes (If Yes, identify the pertinent contractual clauses in the contract document itself, or provide an appropriate statement which identifies the additional requirements. Provide a copy of the requirements to the cognizant security office. Use Item 13 if additional space is needed.) 14. ADDITIONAL SECURITY REQUIREMENTS. Requirements, in addition to ISM requirements, are established for this contract. No OPSEC requirements apply. Guidance provided in Block 13 as reference Block 11i Yes No (If Yes, explain and identify specific areas or elements carved out and the activity responsible for inspections. Use Item 13 if additional space is needed.) 15. INSPECTIONS. Elements of this contract are outside the inspection responsibility of the cognizant security office. 16. CERTIFICATION AND SIGNATURE. Security requirements stated herein are complete and adequate for safeguarding the classified information to be released or generated under this classified effort. All questions shall be referred to the official named below. a. TYPED NAME OF CERTIFYING OFFICIAL b. TITLE Veronica S. Wright Contracting Officer Representative d. ADDRESS (Include Zip Code) c. TELEPHONE (Include Area Code) 17. REQUIRED DISTRIBUTION DISA/DITCO/PL8321 2300 E. Drive, Bldg. 2600, Scott AFB IL 62225 e. SIGNATURE c. COGNIZANT SECURITY OFFICE FOR PRIME AND SUBCONTRACTOR d. U.S. ACTIVITY RESPONSIBLE FOR OVERSEAS SECURITY ADMINISTRATION Digitally signed by WRIGHT.VERONICA.S.1022841358 DN: c=us, o=u.s. Government, ou=dod, ou=pki, ou=disa, cn=wright.veronica.s.1022841358 Date: 2016.09.21 10:37:19-04'00' DD FORM 254 (BACK), DEC 1999 a. CONTRACTOR b. SUBCONTRACTOR WRIGHT.VERONICA.S.1022841358 (301) 255-2261 e. ADMINISTRATIVE CONTRACTING OFFICER f. OTHERS AS NECESSARY Reset
6(&85,7<*8,'$1&( &21 7 6ROLFLWDWLRQRU&RQWUDFW 3DJH 1 Ref 10f cont. (1) To execute this contract, additional security requirements in addition to DoD 5220.22-M will be required. The contractor shall comply with the security provisions of these programs. Marking and/or classification guidance for material originated or generated under this contract will be provided through the SAP Management Office under separate cover. Any material generated by the contractor (including correspondence, drawings, models, mockups, photographs, schematics, progress, special and inspection reports, engineering notes, computations and training aids) shall be classified according to content. Guidance for classification shall be derived from the applicable Security Classification Guides, documents, or special instructions. Such material shall not contain contractor logos or similar identifiers which identify the specific contractor or team members. (2) The Contractor Special Security Officers shall coordinate with the DISA Security Office (MPS6) and SAP Management Office prior to subcontracting any portion of this contract. (3) All personnel requiring access to SAP information must be U.S. citizens, have been granted a final U.S. Government security clearance, and have been indoctrinated for the applicable SAP prior to being given access to such information generated or received under this contract. (4) Contractor generated or Government furnished material may not be provided to the Defense Technical Information Center. Contractor generated reports will bear the statement: Not Releasable to the Defense Technical Information Center per DoD Instruction 5230.24. (5) Upon expiration of this contract, the contractor is required to have a close-out inspection by the DISA SSO and/or SAP Management Office to ensure proper disposition of material and equipment. The contractor shall request disposition instructions for all classified and unclassified project material. The contractor may be directed to properly destroy the material or return it. If classified or unclassified project material is to be retained by the contractor, every effort should be taken to transfer it to a follow-on contract or similar effort, if applicable. This must be done, however, with the contracting officer s (KO) approval. The material shall be returned or destroyed as instructed, unless written authorization by the KO to retain specific material for a specific period of time is received. Any exception to security policy shall be referred to the Cognizant Security Office and the DISA Security Office (MPS6) for coordination with the appropriate agency(s) and the KO. (6) The contractor is required to have a close-out inspection Ref 10g- NATO- Designated contractor/subcontract personnel will require a NATO access briefing in order to perform on this contract. The purpose of providing a NATO awareness briefing is to inform personnel how to protect NATO information in the event they come across it while on the SIPRNET. See 10k below for additional information. In addition the contractor and COR/TM will re-validate all SCI billets under this contract with the DISA SSO annually or when a revised DD Form 254 issued, whichever is sooner. Ref10h- All SCI visit request by contractors shall be forwarded to the COR/TM for approval and need-to-know certification before being sent trough the DISA SSO to the facility to be visited. Ref 10j- FOUO- information provided under this contract shall be safeguarded as specified IAW DoDM 5200.0 I-V4, February 24, 2012, DoD Information Security Program: Controlled Unclassified Information. Ref 10k- Other- SIPRNet and JWICS Access are required at the Government facility. Ref 11c- Contractor will reference the appropriate security classification guidance when generating or deriving classified material or hardware. All classified information received or generated will be properly stored and handled according to the markings on the material. All classified information received or generated is the property of the U.S. Government. At the termination or expiration of this contract, the U.S. Government will be contacted for proper disposition instructions. Contractor will abide by the following security classification guidance. Ref11f- Contractors when performing or traveling outside the United Stated under this contract will: DISA, AFRICOM a) All personnel will obtain an AOR specific foreign travel brief within 90 days and will be provided proof of training to the COR/TM b) All personnel will receive the Anti terrorism Level 1 Awareness training within one year prior to travel. '')250 &21 7 0$<
6(&85,7<*8,'$1&( &21 7 6ROLFLWDWLRQRU&RQWUDFW 3DJH 1 Ref 11h- Contractor will store accountable COMSEC Information at their cleared facility in the performance of a contract. CISCO Systems, Research Triangle Park, NC. Ref11k- Contractors requiring to courier classified information or equipment, up to Top Secret shall receive a Government Issued Collateral Courier from the Government Security office prior to couriering classified information or material in support of official duties. The contractor will only be issued a collateral courier card to hand carry classified information or equipment if there are no other means of safely and securely transporting or sending the classified information or equipment. The contractors must also have a requirement to courier any classified information or equipment. The contractors must also have a requirement to courier any classified information or equipment on a weekly basis. A courier letter can be issued by the Government Security Manager if there is a requirement to courier periodically. All contractors will follow the DoD Manual 5200.01. Information Security and the collateral courier card Standard Operating Procedures (SOP) that is issued by the DISA Security Office. A collateral courier card letter will only be issued up to the clearance level of the individual contractor. Ref11j- The contractor will comply with OPSEC requirements contained in the contract or attached under separate cover. Ref11-IT-1 access required. Ref Block 14- The contractor will be provided and will abide by ICD 503, Intelligence Community Information Technology Systems Security: Risk Management, Certification and Accreditation, September 15 2008 and by ICD 705 Sensitive Compartmented Information, facilities, May 26, 2010. Provided under separate cover. When SCI or SAP task are sub-contracted, the sub-contractor DD254 must be sent to the DISA Industrial PM and be processed through the DISA SSO and or Program Security Officer for approval. '')250 &21 7 0$<
6(&85,7<*8,'$1&( &21 7 6ROLFLWDWLRQRU&RQWUDFW 3DJH 3 Additional Security Requirements: Subcontracting CISCO is authorized to subcontract on this effort provided the company(s) is/are fully vetted, (i.e., verified in the Industrial Security Facility Database (ISFD) and holds an active Facility Security Clearance (FCL) at the appropriate level in order to support this contract). The Period of Performance will be included on all subcontractor DD254 s Issued by CISCO. CISCO shall provide a fully executed copy of the Subcontractor DD254 s to the U.S. Government. CISCO will send the appropriate requirements as applicable. A list of potential subcontracts is attached. (Attachment 1) Furthermore, the U.S. Government will provide the contractor issuance of identification badges and/or entry passes/vehicles decals and Common Access Card (CAC) appropriate for base entrance. The US Government SCI addendum to DD254 will provide guidance on classified network environment infrastructure ( or what is considered classified). All applicable security directives/guidance for this contract will be provided by the COR listed in block 16. All information derived from this effort owned by the US Government will be returned to the government upon completion. Status of Forces Agreement (SOFA) Contract Clause: the US Government will coordinate and initiate SOFA/TESA status for CISCO personnel. Alternate Work Performance Locations: Cognizant Security Office: 13600 Dulles Technology Drive Herndon, VA 21071 CAGE Code: 0SCE1 SCIF ID: NSA-IND-01-0015 Defense Security Serv (IOFCCI) 14428 Albermarle Point Place, Ste 140 Chantilly, VA 20151 FSO: Alma Edmonds Phone 703-428-0018 CISCO Systems 7025 Kit Creek Road Bldg 2 Research Triangle Park, NC 27709 Cage Code: 03UZ7 Defense Security Serv (IOFSV) 277 Bendix Road, Ste 200 Virginia Beach, VA 23452 FSO: Kathryn Hare Block 13 General Information: All classified visit requests by contractors shall be forwarded to the Contracting Officer Representative (COR) for approval and need to know classification before being sent to the facility to be visited. All visit access requests (VAR) by contractors shall be sent via the Joint Personnel Adjudication Systems (JPAS) to the DISA VAR Center (JPAS SMO:DKABAA10) or appropriate SMO for the effort. The COR/TM must approve the VAR prior to sending the request to the facility being visited. Contractor s musts also provide a copy of the VAR to the security manager. The COR/TM must be notified and approve the receipt and/or generation of classified information under this contract. All classified information received and/or generated under this contract is the property of the U.S. Government regardless of proprietary claims. Upon completion or termination of this contract, the US Government will be contacted for destruction or disposition instructions. Foreign Nationals will not perform on any area of the contract (classified or unclassified). Block 14 cont Additional Security Guidance: When SCI or SAP tasks are sub-contracted, the sub-contractor DD254 must be sent to the DISA Industrial Security PM and be processed through the DISA SSO and or Program Security Officer for approval. See Attached Security Guidance and SCI Addendum See Attached Terms and Conditions '')250 &21 7 0$<
6(&85,7<*8,'$1&( &21 7 6ROLFLWDWLRQRU&RQWUDFW '')250 &21 7 0$< 3DJH
6(&85,7<*8,'$1&( &21 7 6ROLFLWDWLRQRU&RQWUDFW '')250 &21 7 0$< 3DJH
DD FORM 254, SECURITY SIGNATURE PAGE PRIME CONTRACT NUMBER: SUBCONTRACT NUMBER: _ CERTIFICATION AND SIGNATURES: Security requirement stated herein are completed and adequate for safeguarding the classified information to be release or generated under this classified effort. All questions shall be referred to the official named below. Digitally signed by BLACKBURN.ERIC.D.1104223067 DN: c=us, o=u.s. Government, ou=dod, ou=pki, ou=disa, cn=blackburn.eric.d.1104223067 Date: 2017.01.11 10:17:13-05'00' BLACKBURN.ER IC.D.1104223067 Security Office Approval Name: Title: Eric Blackburn Industrial Security PM Security Office Approval Name: Title: BLACKBURN.ER IC.D.1104223067 Digitally signed by BLACKBURN.ERIC.D.1104223067 DN: c=us, o=u.s. Government, ou=dod, ou=pki, ou=disa, cn=blackburn.eric.d.1104223067 Date: 2017.01.11 10:17:28-05'00' Name: Eric Blackburn Title: Industrial Security PM Name: Title: