Getting a Security Clearance with the Department of Homeland Security Description of the Reasons Why Action by the Agency Is Being Taken, 2. Looking for U.S. government information and services? 1707, 41 U.S.C. 1520.5(a), the SSI Regulation also provides other reasons for protecting information as SSI. Yes, covered persons may share SSI with specific vendors if the vendors have a need to know in order to perform their official duties or to provide technical advice to covered persons to meet security requirements. CISA provides end-to-end exercise planning and conduct support to assist stakeholders in examining their cybersecurity and physical security plans and capabilities. Share sensitive information only on official, secure websites. Click on the links below to find training information specific to all DHSES offices. SIGNATURE OF OFFEROR/CONTRACTOR 30b. documents in the last year, 887 Here you will find policies, procedures, and training requirements for DHS contractors whose solicitations and contracts include the special clauses Safeguarding of Sensitive Information (MARCH 2015) and Information Technology Security and Privacy Training (MARCH 2015). 0000021278 00000 n (b) The contractor shall ensure employees identified in paragraph (a) of this section complete the required training, maintain evidence that the training has been completed and provide copies of the training completion certificates to the Contracting Officer and/or Contracting Officer's Representative for inclusion in the contract file. Secure .gov websites use HTTPS NAME AND TITLE OF SIGNER (Typo or print) AUTHORIZED FOR LOCAL REPRODUCTION PREVIOUS EDmON IS NOT USABLE DATE SIGNED Iii 29. Other applicable authorities that address the responsibility for Federal agencies to ensure appropriate handling and safeguarding of PII include the following Office of Management and Budget (OMB) memoranda and policies: OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information issued May 22, 2007; OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Web sites and Applications issued June 25, 2010 (this memorandum contains the most current definition of PII, and clarifies the definition provided in M-07-16); OMB Circular No. A .gov website belongs to an official government organization in the United States. Personnel who obtain a DAC will have to get a DHS PIV Card later. DHS Security and Training Requirements for information. Web Design System. This prototype edition of the Under Department of Defense Employees, select Start/Continue New CyberAwareness Challenge Department of Defense Version. Federal Register provide legal notice to the public and judicial notice 1303(a)(2), 48 CFR part 1, subpart 1.3, and DHS Delegation Number 0702. Any new Contractor or subcontractor employees assigned to the contract shall complete the training before accessing the information identified in paragraph (a) of this clause. 552a). It is not an official legal edition of the Federal TSA, however, primarily uses the criterion of detrimental to the security of transportation when determining whether information is SSI. Are there restrictions to specific types of email systems when sending SSI? Toll Free Call Center: 1-877-696-6775, Content created by Office of the Chief Information Officer (OCIO), Office of the Chief Information Officer (OCIO), Assistant Secretary for Administration (ASA), Office of Organizational Management (OOM), Federal Real Property Assistance Program (FRPAP), Physical Security, Emergency Management, and Safety, Federal Information Security Management Act (FISMA), Information Security for IT Administrators, Role Based Training for Executives and Managers, Rules of Behavior for Use of HHS Information Resources. In other words, SSI is information that could be used by our adversaries to bypass or defeat transportation security measures. Official websites use .gov All covered persons (e.g., airlines, pipelines) must take reasonable steps to safeguard SSI in their possession or control from unauthorized disclosure (49 C.F.R. This rule is not a major rule under 5 U.S.C. (@1a`/3' PedY 8)a&Sc =K10X031L CC{;[ 0000040406 00000 n An official website of the United States government. Enter your name in the webform below to receive a completion certificate at the end of this course. What should I do when a company, government, transportation authority, or other covered person receives requests for SSI from the media or other non-covered persons? The Paperwork Reduction Act (44 U.S.C. This proposed rule requires contractors to identify its employees and subcontractor employees who require access to PII and SPII, ensure that those employees complete privacy training before being granted access to such information and annually thereafter, provide the Government evidence of the completed training, and maintain evidence of completed training.Start Printed Page 6427. Homeland Security Presidential Directive 12 | Homeland Security - DHS on Learn about the DHS mission and organization. Public reporting burden for this collection of information is estimated to be approximately 30 minutes (.50 hours) per response to comply with the requirements, including time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. the official SGML-based PDF version on govinfo.gov, those relying on it for Ms. Candace Lightfoot, Procurement Analyst, DHS, Office of the Chief Procurement Officer, Acquisition Policy and Legislation at (202) 447-0882 or email [email protected]. This is a significant regulatory action and, therefore, was subject to review under section 6(b) of E.O. The total annual projected number of responses per respondent is estimated at four (4). DHS contracts currently require contractor and subcontractor employees to complete privacy training before accessing a Government system of records; handling Personally Identifiable Information (PII) or Sensitive PII (SPII); or designing, developing, maintaining, or operating a Government system of records. 0000016132 00000 n Read our SSI Best Practices and Quick Reference guides for a quick introduction to SSI handling, sharing, and destroying procedures. With courses ranging from beginner to advanced levels, you can strengthen or build your cybersecurity skillsets at your own pace and schedule! 0000038845 00000 n <]/Prev 643946/XRefStm 2145>> Please contact us at [email protected] for more information. ,d4O+`t&=| Leverage your professional network, and get hired. Subsequent training certificates to satisfy the annual privacy training requirement shall be submitted via email notification not later than October 31st of each year. This includes PII and SPII contained in a system of records consistent with subsection (e) Agency requirements, and subsection (m) Government contractors, of the Privacy Act of 1974, Section 552a of title 5, United States Code (5 U.S.C. There are wide variations in the quality and security of identification used to gain access to secure facilities where there is potential for terrorist attacks. These markup elements allow the user to see how the document follows the The Standard shall not apply to identification associated with national security systems as defined by 44 U.S.C. documents in the last year, 37 on FederalRegister.gov The training shall be completed within thirty (30) days of contract award and on an annual basis thereafter. Learn about our activities that promote meaningful communications with industry. At the heart of the fertile land of Limagne and the pastures of the Massif Central, the Clermont-Auvergne-Rhne-Alpes Centre is one of the institute's historic sites, with cutting-edge research in key sectors of agriculture, environment and food: preventive human nutrition, cereals, product quality, territories, livestock farming, robotics applied to agriculture, tree functioning, etc. DHS Center for Faith-Based and Neighborhood Partnerships, Advance Acquisition Planning: Forecast of Contract Opportunities, DHS Industry-Government Activity Calendar, DHS Security and Training Requirements for Contractors, How to do Business with DHS for Small Businesses, U.S. Strategy on Women, Peace, and Security, DHS Category Management and Strategic Sourcing, Subscribe to Procurement news and updates, Second-Small-Business-to-Small-Business-VOME, 2023 Second Small-to-Small Business Virtual Vendor Outreach Matchmaking Event. Privacy at DHS | Homeland Security can be submitted to the SSI Program at [email protected]. There is no required type of lock or specific way to secure SSI. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application. 0000024726 00000 n For more information, see SSI Best Practices Guide for Non-DHS Employees. An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, Exercise Planning and Conduct Support Services, Federal Virtual Training Environment (FedVTE), Assessment Evaluation and Standardization (AES), Continuous Diagnostics and Mitigation (CDM). This Instruction implements the authority of the Chief Security Officer (CSO) under DHS Directive 121 -01. HSAR 3024.7004, Contract Clause, identifies when Contracting Officers must insert HSAR 3052.224-7X Privacy Training in solicitations and contracts. TheCISA Tabletop Exercise Package (CTEP)is designed to assist critical infrastructure owners and operators in developing their own tabletop exercises to meet the specific needs of their facilities and stakeholders. Not later than 6 months following promulgation of the Standard, the heads of executive departments and agencies shall identify to the Assistant to the President for Homeland Security and the Director of OMB those Federally controlled facilities, Federally controlled information systems, and other Federal applications that are important for security and for which use of the Standard in circumstances not covered by this directive should be considered. SSI Cover Sheet DHS Form 11054 (PDF format | Image format), SSI Best Practices Guide for Non DHS Employees, SSI Quick Reference Guide for DHS Employees and Contractors. What burden, if any, is associated with the requirement to complete DHS-developed privacy training? Not later than 7 months following the promulgation of the Standard, the Assistant to the President for Homeland Security and the Director of OMB shall make recommendations to the President concerning possible use of the Standard for such additional Federal applications. For additional information related to personnel security at DHS, please review the helpful resources provided by our Office of the Chief Security Officer here. Handling means any use of Personally Identifiable Information (PII) or Sensitive PII (SPII), including but not limited to marking, safeguarding, transporting, disseminating, re-using, storing, capturing, and disposing of the information. 47.207-8 Government obligations. Department of Transportation FAA Enterprise Services Center Security Services Security Services Brochure Treasury Bureau of Fiscal Service Health and Human Services Program Support Center SSC Contacts DOJ: Melinda Rogers, [email protected] , (202) 305-7017 DOJ: Darrell Lyons, [email protected] , (202) 598-3344 Interested parties must submit such comments separately and should cite 5 U.S.C. Keys should be stored in an alternate location from the SSI. Course Registration Learning Management System The DHSES Learning Management System allows students to view all DHSES trainings and provides students with a simple and streamlined process to register for them. 0000027018 00000 n However, covered parties are encouraged to use official company or government email when sending SSI. To support social distancing requirements, OCSO is offering an alternate DHS credential known as a Derived Alternate Credential (DAC) to employees in lieu of a DHS Personal Identity Verification (PIV) credential so that personnel can still gain logical access to the DHS network without visiting a DHS Credentialing Facility (DCF). Description of Any Significant Alternatives to the Rule Which Accomplish the Stated Objectives of Applicable Statutes and Which Minimize Any Significant Economic Impact of the Rule on Small Entities, PART 3001FEDERAL ACQUISITION REGULATIONS SYSTEM, Subpart 3001.1Purpose, Authority, Issuance, PART 3024PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION, PART 3052SOLICITATION PROVISIONS AND CONTRACT CLAUSES, Contract Terms and Conditions Applicable to DHS Acquisition of Commercial Items (DATE), https://www.federalregister.gov/d/2017-00752, MODS: Government Publishing Office metadata, http://www.dhs.gov/dhs-security-and-training-requirements-contractors, https://www.whitehouse.gov/sites/default/files/omb/assets/OMB/circulars/a130/a130revised.pdf. Learn how to work with DHS, how we assist small businesses, and about our policies, regulations, and business opportunities. 0000024085 00000 n The OFR/GPO partnership is committed to presenting accurate and reliable Learn about DHS security policies and the training requirements contractors must comply with to safeguard sensitive information provided or developed under DHS contracts. B. No. You may submit comments identified by DHS docket number [DHS-2017-0008], including suggestions for reducing this burden, not later than March 20, 2017 using any one of the following methods: (1) Via the internet at Federal eRulemaking Portal: http://www.regulations.gov. Learn about the types of programs DHS funds to help meet our nation's homeland security challenges. The content and navigation are the same, but the refreshed design is more accessible and mobile-friendly.
