(a) Agencies shall ensure that information assurance is provided for information technology in accordance with current policies, procedures, and statutes, to include—
(1) The National Security Act;
(2) The Clinger-Cohen Act;
(3) National Security Telecommunications and Information Systems Security Policy No. 11;
(4) Federal Information Processing Standards;
(5) DoD Directive 8500.1, Information Assurance;
(6) DoD Instruction 8500.2, Information Assurance Implementation;
(7) DoD Directive 8140.01, Cyberspace Workforce Management; and
(8) DoD Manual 8570.01-M, Information Assurance Workforce Improvement Program.
(b) For all acquisitions, the requiring activity is responsible for providing to the contracting officer—
(1) Statements of work, specifications, or statements of objectives that meet information assurance requirements as specified in paragraph (a) of this subsection;
(2) Inspection and acceptance contract requirements; and
(3) A determination as to whether the information technology requires protection against compromising emanations.
[69 FR 35534, June 25, 2004, as amended at 73 FR 1829, Jan. 10, 2008; 75 FR 34946, June 21, 2010; 80 FR 56930, Sept. 21, 2015]