Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act ( 5 U.S.C.552a) and part 24. In addition, each agency shall ensure that contracts for the design, development, or operation of a system of records using commercial information technology services or information technology support services include the following:
(a) Agency rules of conduct that the contractor and the contractor’s employees shall be required to follow.
(b) A list of the anticipated threats and hazards that the contractor must guard against.
(c) A description of the safeguards that the contractor must specifically provide.
(d) Requirements for a program of Government inspection during performance of the contract that will ensure the continued efficacy and efficiency of safeguards and the discovery and countering of new threats and hazards.