This subpart applies to all acquisitions for computer systems. It covers both security and Privacy Act considerations.
Security requirements are in addition to provisions concerning protection of privacy of individuals (see FAR Subpart 24.1).
(a) The National Security or Atomic Energy Acts, as amended, may require protection of information that is-
(4) Retrieved; or
(b) When acquiring computer equipment to be used to process classified information, the contracting officer shall obtain from the requiring activity-
(1) A determination as to whether the equipment must provide protection against compromising emanations; and
(2) Identification of an established National TEMPEST standard (e.g., NACSEM 5100, NACSIM 5100A) or a standard used by other authority.
(c) When contracts will require the use of FIP resources involving classified data, programs, etc., the contracting officer shall obtain from the requiring activity-
(1) Advice to whether to require contractors performing these services to use equipment meeting the requirements in paragraph (a) of this subsection (as prescribed in the clause at 252.239-7000, Protection Against Compromising Emanations;
(2) Information concerning any requirement for marking of TEMPEST-certified equipment (especially if to be reused); and
(3) Information on how to validate TEMPEST equipment compliance with required standards.
Include requirements for validation of TEMPEST compliance in Section E (Inspection and Acceptance) of the contract.
When contracting for computer equipment or systems that are to be used to process classified information, use the clause at 252.239-7000, Protection Against Compromising Emanations.