Va Fillable Contract Form PDF Details

In the modern era where information security is paramount, especially within government institutions, the VA Contract form stands out as a critical tool in ensuring that all acquisitions, especially those involving information technology (IT) services, comply with rigorous security standards. It is guided by the comprehensive VA Directive and Handbook 6500, along with other relevant directives and handbooks, which together establish a robust framework for security across the Veterans Affairs (VA) systems. This form is meticulously designed to assess and implement necessary security and privacy controls right at the initiation phase of contracts or agreements involving IT services. It demands collaborative efforts from key members of the Acquisition Team, including but not limited to the Procurement Requestor, Contracting Officer Representative (COR), Information Security Officer (ISO), and the Contracting Officer (CO). The form meticulously inquires into the nature of the acquisition, the involvement of VA sensitive information, the requirement of contractor personnel services, and the use of contractor-owned IT systems, aiming to tailor security measures accordingly. It also necessitates contractor adherence to certain security policies, incorporating clauses from Appendices B and C into contracts, planning for the certification and accreditation of contractor systems, and ensuring annual compliance with the Federal Information Security Management Act (FISMA). Specifically, it delineates procedures for acquisitions that either require VA system access or involve the storage, generation, transmission, or exchange of VA sensitive information, thereby setting the groundwork for protecting the integrity, confidentiality, and availability of such information.

QuestionAnswer
Form NameVa Fillable Contract Form
Form Length6 pages
Fillable?No
Fillable fields0
Avg. time to fill out1 min 30 sec
Other namesvha handbook 6500, 6500 6 appendix a fillable, va 6500, va form 10 0539

Form Preview Example

Reference: ____________________

HANDBOOK 6500.6

 

APPENDIX A

CHECKLIST FOR INFORMATION SECURITY IN THE INITIATION PHASE OF

ACQUISITIONS

1. BACKGROUND

In accordance with VA policy, contractors’ storage, generation, transmission or exchanging of VA sensitive information requires appropriate security controls to be in place. The VA Information Security Program policy – VA Directive and Handbook 6500 and additional 6500 series directives and handbooks - provide the framework for security within VA.

2. INSTRUCTIONS

This checklist must be completed at the initiation of all IT service acquisitions, statements of work, third-party service agreements and any other legally binding agreement in order to determine what, if any, security and privacy controls are necessary specifically as it relates to the VAAR security clause. OGC guidance should be sought on data ownership issues, as necessary. The checklist can also be used for other types of contracts, if appropriate or needed. In order to successfully complete this checklist, each question below must be addressed in coordination with all members of the local Acquisition Team including: the Procurement Requestor or Program Manager from the program office or facility, the Contracting Officer Representative (COR), the Information Security Officer (ISO), the Contracting Officer (CO) from the program office or facility’s servicing Acquisition office, and the Privacy Officer (PO). The ISO is the arbitrator if there are questions or disagreements on the appropriate answers.

Reference: ____________________

 

HANDBOOK 6500.6

 

 

 

 

APPENDIX A

 

 

 

 

 

 

 

 

 

1.

Is this an acquisition or purchase of only commodities or

 

 

 

 

 

 

 

 

goods (e.g. equipment or software)?

Yes

 

No

 

 

 

 

If yes, then the security clause is not required as long as

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

VA sensitive information is not involved.

 

 

 

 

 

 

 

 

If no, then proceed to the next question.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2.

Does the contract involve “VA sensitive information?”

 

 

 

 

 

 

 

 

(See 3. PROCEDURES a.)

Yes

 

No

 

 

 

 

If yes, proceed to next question.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If no, then the security clause is not required.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3.

Will this acquisition require services of contractor

 

 

 

 

 

 

 

 

personnel?

Yes

 

No

 

 

 

If no, proceed to question 5.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If yes, proceed to next question.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4.

Will the personnel perform a function that requires

 

 

 

 

 

 

 

 

access to a VA system or VA sensitive information (e.g.,

Yes

 

No

 

 

 

system administrator privileged access to a VA system,

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

or contractor systems or processes that utilize VA

 

 

 

 

 

 

 

 

sensitive information)?

 

 

 

 

 

 

 

 

NOTE: See 3.a. under PROCEDURES regarding

 

 

 

 

 

 

 

 

contracts and agreements concerning medical

 

 

 

 

 

 

 

 

treatment for Veterans.

 

 

 

 

 

 

 

 

If the answer above is no, then proceed to the next

 

 

 

 

 

 

 

 

question.

 

 

 

 

 

 

 

 

If yes, then VA security policies apply. Contracting

 

 

 

 

 

 

 

 

Officials need to work with the Program Manager or

 

 

 

 

 

 

 

 

(procurement requestor), COTR, PO, and ISO to:

 

 

 

 

 

 

 

 

i. Include the appropriate risk designation of the

 

 

 

 

 

 

 

 

contractors based on the PDAT determination.

 

 

 

 

 

 

 

 

ii. Incorporate the security clause (Appendix B) into the

 

 

 

 

 

 

 

 

contract involved and the appropriate security/privacy

 

 

 

 

 

 

 

 

language outlined in Appendix C into the solicitation.

 

 

 

 

 

 

 

 

iii. Determine if protected health information is

 

 

 

 

 

 

 

 

disclosed or accessed and if a BAA is required.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reference: ____________________

HANDBOOK 6500.6

 

APPENDIX A

5.

Will this acquisition require use of a contractor-owned Information Technology (IT) system or computer assets, and

a.The IT system hardware components are located at an offsite contractor facility; and

b.The IT system is not connected to a VA network;

and

c.The contractor has exclusive administrative control to the components; and

d.The purpose of the requirement for the system is to process or store VA information on behalf of the VA.

If any of the answers to 5a-5d are no, proceed to the next question.

If yes, then VA security policies apply. Incorporate the clause from Appendix B and the appropriate security/privacy language from Appendix C respectively into the solicitation and contract and initiate planning for the certification and accreditation of the contractor system(s). Contracting Officials need to work with the COTR and ISO to:

Determine the security impact of the IT system as High, Moderate, or Low per 6500 Handbook, Information Security Program.

Ensure Contractor understanding of the IT security requirements for certification and accreditation (authorization) (C&A) of the contractor system. See VA Handbook 6500.3, Certification and Accreditation.

Ensure that the proper VA Management Official is appointed by the Certification Program Office to formally authorize operation of the system in accordance with VA Handbook 6500 and 6500.3.

Enforce contractor performance (timely submission of deliverables, compliance with personnel screening requirements, maintenance of secure system configurations and participation in annual IT Federal Information Security Management Act (FISMA) assessments to ensure compliance with FISMA

Yes

 

No

Yes

 

No

 

 

Yes

 

No

 

 

Yes

 

No

 

 

Yes

 

No

 

 

 

 

 

Reference: ____________________

 

HANDBOOK 6500.6

 

 

 

APPENDIX A

 

 

 

 

 

 

requirements).

 

 

 

 

 

Ensure yearly FISMA assessments are completed

 

 

 

 

 

and uploaded into SMART.

 

 

 

 

 

 

 

 

 

 

 

6. Will this acquisition require services that involve

 

 

 

 

 

connection of one or more contractor-owned IT devices

Yes

 

No

 

 

(such as a laptop computer or remote connection from a

 

 

 

 

 

 

 

 

 

 

contractor system) to a VA internal trusted (i.e., non-

 

 

 

 

 

public) network?

 

 

 

 

 

If no, then include a statement in the SOW that “The

 

 

 

 

 

C&A requirements do not apply, and that a Security

 

 

 

 

 

Accreditation Package is not required: and proceed to

 

 

 

 

 

the next question.

 

 

 

 

 

If yes, then incorporate the security clause from

 

 

 

 

 

Appendix B and the appropriate security/privacy

 

 

 

 

 

language from Appendix C respectively into the

 

 

 

 

 

solicitation and contract. Contracting Officials need to

 

 

 

 

 

work with the COR and the ISO to:

 

 

 

 

 

Ensure contractor understands and implements the IT security requirements for system interconnection documents required per the Memorandum of Understanding or Interconnection Agreement (MOU- ISA). The standard operating procedure (SOP) and a template for a MOU-ISA are located on the Information Protection Risk Management (IPRM) Portal and can be provided to the contractor.

Ensure contractor understands their participation in IT security requirements for C&A of the VA system to which they connect.

Enforce contractor performance (timely submission of deliverables, compliance with personnel screening requirements, and appropriate termination activity as appropriate).

7.Is the acquisition a service that involves the storage,

generating, transmitting, or exchanging of VA sensitive

Yes

 

No

information but does not require C&A or a MOU-ISA for

 

 

 

 

 

 

system interconnection?

 

 

 

If no, then specify the mechanism/documentation used

 

 

 

to ensure the VA sensitive information is protected.

 

 

 

Reference: ____________________

HANDBOOK 6500.6

 

APPENDIX A

If yes, then incorporate the security clause and the appropriate security language from Appendices B and C into the solicitation and contract. The COTR needs to:

Ensure that a Contractor Security Control Assessment (CSCA) is completed within 30 days of contract approval and yearly on the renewal date of the contract.

Ensure that the CSCA is sent to the ISO and the OCS Certification Program Office for review to ensure that appropriate security controls are being implemented in service contracts.

Ensure a copy of the CSCA is maintained in the Security Management and Reporting Tool (SMART) database. COTR will provide a copy of the completed CSCA to ISO for uploading into SMART database.

Reference: ____________________

HANDBOOK 6500.6

 

APPENDIX A

3. SIGNATURES

Please provide the name and telephone number of each Acquisition Team member who participated in completing this checklist. By signing this checklist, the Contracting Officer is representing that Security was considered for this requirement through coordination with members of the Acquisition Team including the program or requesting office's IT Security point of contact.

(1)Contracting Officer Representative:

Name:Phone:

Signature:Date:

(2)Information Security Officer:

Name:Phone:

Signature:Date:

(3)Contracting Officer:

Name:Phone:

Signature:Date:

(4)Procurement Requestor/Program Manager:

Name:Phone:

Title:

Signature:Date:

(5)Privacy Officer:

Name:Phone:

Signature:Date:

(6)Other Team Members participating in the acquisition (e.g., Records Management Officer/Compliance Officer):

Name:Phone:

Title:

Signature:Date:

How to Edit Va Fillable Contract Form Online for Free

Working with PDF files online is actually surprisingly easy with our PDF tool. You can fill in va handbook 6500 6 here effortlessly. To have our editor on the leading edge of practicality, we work to put into operation user-driven capabilities and enhancements regularly. We are routinely looking for feedback - assist us with remolding PDF editing. With some basic steps, it is possible to begin your PDF editing:

Step 1: Open the PDF doc in our editor by clicking the "Get Form Button" in the top part of this webpage.

Step 2: This editor will give you the capability to work with the majority of PDF forms in a range of ways. Modify it by writing any text, correct what's originally in the document, and add a signature - all at your fingertips!

As for the fields of this precise PDF, here is what you want to do:

1. To get started, when filling out the va handbook 6500 6, start with the section containing following blanks:

Step no. 1 of filling in handbook 6500 6 appendix a

2. After filling in the previous part, head on to the subsequent part and fill out the necessary details in all these blanks - Reference HANDBOOK APPENDIX A, Is this an acquisition or purchase, Yes, Does the contract involve VA, See PROCEDURES a If yes proceed, Yes, Will this acquisition require, and personnel If no proceed to.

Yes, Is this an acquisition or purchase, and Reference  HANDBOOK  APPENDIX A in handbook 6500 6 appendix a

3. Completing Yes, personnel If no proceed to, Will the personnel perform a, and access to a VA system or VA is essential for the next step, make sure to fill them out in their entirety. Don't miss any details!

handbook 6500 6 appendix a completion process detailed (stage 3)

4. It's time to proceed to the next portion! Here you'll get all of these Reference HANDBOOK APPENDIX A, Yes Yes Yes Yes Yes, Will this acquisition require use, Information Technology IT system, next question, and If yes then VA security policies blanks to fill out.

Stage number 4 for filling in handbook 6500 6 appendix a

5. This form must be wrapped up by dealing with this segment. Below you can see an extensive set of form fields that have to be filled in with specific details for your document usage to be faultless: Reference HANDBOOK APPENDIX A, Yes, requirements, Ensure yearly FISMA assessments, and uploaded into SMART, Will this acquisition require, and connection of one or more.

and uploaded into SMART, Yes, and connection of one or more inside handbook 6500 6 appendix a

As to and uploaded into SMART and Yes, ensure that you take another look here. These two are the most significant fields in this file.

Step 3: Prior to moving on, you should make sure that all form fields were filled in the right way. When you’re satisfied with it, press “Done." Right after setting up afree trial account here, you will be able to download va handbook 6500 6 or send it through email promptly. The document will also be at your disposal in your personal account page with all of your modifications. Here at FormsPal, we aim to be sure that your information is kept protected.