DHHS requires employees and contractors to protect the Department's data by complying with the DHHS Automated Information Systems Security Program (AISSP) Handbook. As part of NIH and DHHS, NICHD is subject to these requirements.
Complete a roster of personnel working on the contract using the spreadsheet below. The contractor is to complete the first section of the spreadsheet including name, e-mail, position and data access requirements pertaining to security designations. For example, at one end of the spectrum would be a typical user who has access to non-sensitive information from their desktop via a web application. This would probably translate to a 1C designation and a minimal investigation. An individual who was the system administrator for the web server that provided that information has greater access to data and might require a 5c designation and more extensive investigation.
The completed spreadsheet is to be sent to the NICHD
project officer (
The Project Officer and Information Systems Security Officer (ISSO) determine which contract employees need suitability determinations and the level of clearance needed. The contractor will be informed which positions require security clearances and the levels for each.
Contract employees should fill out the appropriate forms and return them to the NICHD CIO’s office at the following address:
6100 Executive Boulevard
Suite5F01 MSC 7510
Bethesda MD 20892-7510
The forms will be checked for completeness and filled in with the appropriate agency codes at the top of the form.
Links to additional information about OPM investigations and clearances are provided at the end of this document.
Level 1C. The following forms are required for each contract employee assigned to a Level 1C position:
Level 5C and 6C. The following forms are required for each contract employee assigned to a Level 5C & 6C position:
Optional. Continuation Sheet for Questionnaires SF 85 and SF 85P, if needed.
* Instructions for filling out the SF85 and SF85P can be found at http://www.nichd.nih.gov/stand/security/forms_tips.htm.
** Contractors in the
To have the NIH Police make a digital copy of your fingerprints, contact:
Sgt. Mike McGraw
To set up an appointment for
digitized fingerprints. Sgt. McGraw and the NIH Police prefer that you come in
the morning between 8-11 A.M. to the Bldg. 31 office in the B3 (ground) level
of the C wing directly behind the parking office; the room number is B3-B17.
If digitized fingerprints have been or will be obtained, it is important to notify your Project Manager or Project Officer. This has to be documented in a memo attached to the forms package to make sure the individual's package does not get rejected for lack of a fingerprint card. Why? Because digitized fingerprints are transmitted directly to OPM so there will be no fingerprint card. If there is no statement and no fingerprint card, NICHD will presume that the investigations package is incomplete and will return it to the sender.
If you have questions about the process, you may E-mail the NICHD ISSO (NIHNICHDisso@mail.nih.gov)
3. Security Awareness Training and Non-Disclosure Agreement
Contract staff with access to computer systems are required to have annual computer security awareness training and sign a Non-Disclosure Agreement Form prior to starting work on the contract. NIH has an excellent web-based course, NIH Computer Security Awareness Training that can be used to fulfill this requirement.
4. Systems Security Plan
A System Security Plan (SSP) is required when the overall sensitivity and criticality level is moderate or greater. However, there may be instances when a SSP is required when the sensitivity and critically levels are low. If required, contractors must use the
Last updated: November 08, 2004
Policies | Accessibility