252.204-7009.dita

Files changed (1)
  1. dita/252.204-7009.dita +70 -50
dita/252.204-7009.dita CHANGED
@@ -1,56 +1,76 @@
1
1
  <?xml version="1.0" encoding="UTF-8"?>
2
- <!DOCTYPE dita
3
- PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
4
- <dita xmlns:ditaarch="http://dita.oasis-open.org/architecture/2005/"
5
- domains="(topic task) (topic concept) (topic concept glossentry) (topic concept glossgroup) (topic reference) (topic troubleshooting++task) (topic task) (topic abbrev-d) a(props deliveryTarget) (topic equation-d) (topic hazard-d) (topic hi-d) (topic indexing-d) (topic markup-d) (topic mathml-d) (topic pr-d) (topic relmgmt-d) (topic sw-d) (topic svg-d) (topic ui-d) (topic ut-d) (topic markup-d xml-d) (topic task strictTaskbody-c) "
6
- ditaarch:DITAArchVersion="1.3">
7
- <concept id="DFARS_252.204-7009"
8
- ditaarch:DITAArchVersion="1.3"
9
- class="- topic/topic concept/concept ">
10
- <title class="- topic/title ">
11
- <ph props="autonumber" class="- topic/ph ">252.204-7009</ph> Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.</title>
12
- <conbody outputclass="clause" class="- topic/body concept/conbody ">
13
- <p class="- topic/p ">As prescribed in
14
- <xref outputclass="fm:ParaNumOnly"
15
- class="- topic/xref "
16
- base="DFARS-204.7304"
17
- href="204.7304.dita#DFARS_204.7304">204.7304</xref>
2
+ <!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
3
+ <dita xmlns:ditaarch="http://dita.oasis-open.org/architecture/2005/" domains="(topic task) (topic concept) (topic concept glossentry) (topic concept glossgroup) (topic reference) (topic troubleshooting++task) (topic task) (topic abbrev-d) a(props deliveryTarget) (topic equation-d) (topic hazard-d) (topic hi-d) (topic indexing-d) (topic markup-d) (topic mathml-d) (topic pr-d) (topic relmgmt-d) (topic sw-d) (topic svg-d) (topic ui-d) (topic ut-d) (topic markup-d xml-d) (topic task strictTaskbody-c) " ditaarch:DITAArchVersion="1.3">
4
+ <concept id="DFARS_252.204-7009" ditaarch:DITAArchVersion="1.3" class="- topic/topic concept/concept ">
5
+ <title class="- topic/title "><ph props="autonumber" class="- topic/ph ">252.204-7009</ph> Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.</title>
6
+ <conbody outputclass="clause" class="- topic/body concept/conbody ">
7
+ <p class="- topic/p ">As prescribed in
8
+ <xref outputclass="fm:ParaNumOnly" class="- topic/xref " base="DFARS-204.7304" href="204.7304.dita#DFARS_204.7304">204.7304</xref>
18
9
  (b), use the following clause:</p>
19
- <p class="- topic/p " outputclass="Ctr_SmCaps">LIMITATIONS ON THE USE OR DISCLOSURE OF THIRD-PARTY CONTRACTOR REPORTED CYBER INCIDENT INFORMATION (JAN 2023)</p>
20
- <p outputclass="List1" class="- topic/p ">(a) <i class="+ topic/ph hi-d/i ">Definitions.</i> As used in this clause<i class="+ topic/ph hi-d/i ">—</i>
10
+ <p class="- topic/p " outputclass="Ctr_SmCaps">LIMITATIONS ON THE USE OR DISCLOSURE OF THIRD-PARTY CONTRACTOR REPORTED CYBER INCIDENT INFORMATION (JAN 2023)</p>
11
+ <info li_elems="0"/>
12
+ <ol>
13
+ <li>
14
+ <p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(a)</ph><i class="+ topic/ph hi-d/i ">Definitions.</i> As used in this clause<i class="+ topic/ph hi-d/i ">—</i>
21
15
  </p>
22
- <p class="- topic/p ">“Compromise” means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred.</p>
23
- <p class="- topic/p ">“Controlled technical information” means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.</p>
24
- <p class="- topic/p ">“Covered defense information” means unclassified controlled technical information or other information (as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html) that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is—</p>
25
- <p outputclass="List2" class="- topic/p ">(1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or</p>
26
- <p outputclass="List2" class="- topic/p ">(2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.</p>
27
- <p class="- topic/p ">“Cyber incident” means actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.</p>
28
- <p class="- topic/p ">“Information system” means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.</p>
29
- <p class="- topic/p ">“Media” means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which covered defense information is recorded, stored, or printed within a covered contractor information system.</p>
30
- <p class="- topic/p ">“Technical information” means technical data or computer software, as those terms are defined in the clause at DFARS <xref outputclass="fm:ParaNumOnly"
31
- class="- topic/xref "
32
- base="i1382636"
33
- href="252.227-7013.dita#DFARS_252.227-7013">252.227-7013</xref> , Rights in Technical Data-Other Than Commercial Products and Commercial Services, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code.</p>
34
- <p outputclass="List1" class="- topic/p ">(b) <i class="+ topic/ph hi-d/i ">Restrictions. </i>The Contractor agrees that the following conditions apply to any information it receives or creates in the performance of this contract that is information obtained from a third-party’s reporting of a cyber incident pursuant to DFARS clause
35
- <xref outputclass="fm:ParaNumOnly"
36
- class="- topic/xref "
37
- base="i1380987"
38
- href="252.204-7012.dita#DFARS_252.204-7012">252.204-7012</xref>
16
+ <p class="- topic/p ">“Compromise” means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred.</p>
17
+ <p class="- topic/p ">“Controlled technical information” means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.</p>
18
+ <p class="- topic/p ">“Covered defense information” means unclassified controlled technical information or other information (as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html) that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is—</p>
19
+ <info li_elems="0"/>
20
+ <ol>
21
+ <li>
22
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph> Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or</p>
23
+ </li>
24
+ <li>
25
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph> Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.</p>
26
+ </li>
27
+ </ol>
28
+ <p class="- topic/p ">“Cyber incident” means actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.</p>
29
+ <p class="- topic/p ">“Information system” means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.</p>
30
+ <p class="- topic/p ">“Media” means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which covered defense information is recorded, stored, or printed within a covered contractor information system.</p>
31
+ <p class="- topic/p ">“Technical information” means technical data or computer software, as those terms are defined in the clause at DFARS <xref outputclass="fm:ParaNumOnly" class="- topic/xref " base="i1382636" href="252.227-7013.dita#DFARS_252.227-7013">252.227-7013</xref> , Rights in Technical Data-Other Than Commercial Products and Commercial Services, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code.</p>
32
+ <info li_elems="2"/>
33
+ </li>
34
+ <li>
35
+ <p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(b)</ph><i class="+ topic/ph hi-d/i ">Restrictions. </i>The Contractor agrees that the following conditions apply to any information it receives or creates in the performance of this contract that is information obtained from a third-party's reporting of a cyber incident pursuant to DFARS clause
36
+ <xref outputclass="fm:ParaNumOnly" class="- topic/xref " base="i1380987" href="252.204-7012.dita#DFARS_252.204-7012">252.204-7012</xref>
39
37
  , Safeguarding Covered Defense Information and Cyber Incident Reporting (or derived from such information obtained under that clause):</p>
40
- <p outputclass="List2" class="- topic/p ">(1) The Contractor shall access and use the information only for the purpose of furnishing advice or technical assistance directly to the Government in support of the Government’s activities related to clause
41
- <xref outputclass="fm:ParaNumOnly"
42
- class="- topic/xref "
43
- base="i1380987"
44
- href="252.204-7012.dita#DFARS_252.204-7012">252.204-7012</xref>
38
+ <info li_elems="0"/>
39
+ <ol>
40
+ <li>
41
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(1)</ph> The Contractor shall access and use the information only for the purpose of furnishing advice or technical assistance directly to the Government in support of the Government's activities related to clause
42
+ <xref outputclass="fm:ParaNumOnly" class="- topic/xref " base="i1380987" href="252.204-7012.dita#DFARS_252.204-7012">252.204-7012</xref>
45
43
  , and shall not be used for any other purpose.</p>
46
- <p outputclass="List2" class="- topic/p ">(2) The Contractor shall protect the information against unauthorized release or disclosure.</p>
47
- <p outputclass="List2" class="- topic/p ">(3) The Contractor shall ensure that its employees are subject to use and non-disclosure obligations consistent with this clause prior to the employees being provided access to or use of the information.</p>
48
- <p outputclass="List2" class="- topic/p ">(4) The third-party contractor that reported the cyber incident is a third-party beneficiary of the non-disclosure agreement between the Government and Contractor, as required by paragraph (b)(3) of this clause.</p>
49
- <p outputclass="List2" class="- topic/p ">(5) A breach of these obligations or restrictions may subject the Contractor to—</p>
50
- <p outputclass="List3" class="- topic/p ">(i) Criminal, civil, administrative, and contractual actions in law and equity for penalties, damages, and other appropriate remedies by the United States; and</p>
51
- <p outputclass="List3" class="- topic/p ">(ii) Civil actions for damages and other appropriate remedies by the third party that reported the cyber incident, as a third party beneficiary of this clause.</p>
52
- <p outputclass="List1" class="- topic/p ">(c) <i class="+ topic/ph hi-d/i ">Subcontracts</i>. The Contractor shall include this clause, including this paragraph (c), in subcontracts, or similar contractual instruments, for services that include support for the Government’s activities related to safeguarding covered defense information and cyber incident reporting, including subcontracts for commercial items, without alteration, except to identify the parties.</p>
53
- <p outputclass="Endofclause" class="- topic/p ">(End of clause)</p>
54
- </conbody>
55
- </concept>
44
+ </li>
45
+ <li>
46
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(2)</ph> The Contractor shall protect the information against unauthorized release or disclosure.</p>
47
+ </li>
48
+ <li>
49
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(3)</ph> The Contractor shall ensure that its employees are subject to use and non-disclosure obligations consistent with this clause prior to the employees being provided access to or use of the information.</p>
50
+ </li>
51
+ <li>
52
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(4)</ph> The third-party contractor that reported the cyber incident is a third-party beneficiary of the non-disclosure agreement between the Government and Contractor, as required by paragraph (b)(3) of this clause.</p>
53
+ </li>
54
+ <li>
55
+ <p outputclass="List2" class="- topic/p "><ph props="autonumber" class="-topic/ph">(5)</ph> A breach of these obligations or restrictions may subject the Contractor to—</p>
56
+ <info li_elems="0"/>
57
+ <ol>
58
+ <li>
59
+ <p outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(i)</ph> Criminal, civil, administrative, and contractual actions in law and equity for penalties, damages, and other appropriate remedies by the United States; and</p>
60
+ </li>
61
+ <li>
62
+ <p outputclass="List3" class="- topic/p "><ph props="autonumber" class="-topic/ph">(ii)</ph> Civil actions for damages and other appropriate remedies by the third party that reported the cyber incident, as a third party beneficiary of this clause.</p>
63
+ <info li_elems="3"/>
64
+ </li>
65
+ </ol>
66
+ </li>
67
+ </ol>
68
+ </li>
69
+ <li>
70
+ <p outputclass="List1" class="- topic/p "><ph props="autonumber" class="-topic/ph">(c)</ph><i class="+ topic/ph hi-d/i ">Subcontracts</i>. The Contractor shall include this clause, including this paragraph (c), in subcontracts, or similar contractual instruments, for services that include support for the Government's activities related to safeguarding covered defense information and cyber incident reporting, including subcontracts for commercial items, without alteration, except to identify the parties.</p>
71
+ </li>
72
+ </ol>
73
+ <p outputclass="Endofclause" class="- topic/p ">(End of clause)</p>
74
+ </conbody>
75
+ </concept>
56
76
  </dita>
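Review bot: The added autonumber wrappers use class="-topic/ph" (the `<ph props="autonumber" …>` on items (a), (b), (c), (1) to (5), (i) and (ii)), while the existing wrapper in the title uses class="- topic/ph ". DITA class values need the space after the leading "-" and the trailing space, otherwise class-based matching will not recognise these as topic/ph; suggest class="- topic/ph " on all of them. The added `<info li_elems="…"/>` elements are a second problem: `info` belongs to task steps, not to conbody or li in a concept, and li_elems is not a DITA attribute, so the file should no longer validate against ditabase.dtd. They look like converter bookkeeping and should be dropped before commit. Two smaller points in the same hunk: the level-1 items lost the space after the label ("(a)</ph><i …>Definitions." where the old line had "(a) <i …>"), and the literal labels now sit inside `<ol>`/`<li>`, so rendered output may carry both a generated list number and "(a)". Also, the curly apostrophes in "third-party’s" and "Government’s" became straight ones while the curly double quotes were kept; if that is unintended, revert it so a structural change leaves the clause text untouched.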