(a) DHS requires that CUI be safeguarded when it resides on DHS-owned and operated information systems, DHS-owned and contractor-operated information systems, contractor-owned and/or operated information systems operating on behalf of the Department, and any situation where contractor and/or subcontractor employees may have access to CUI because of their relationship with DHS. There are several Department policies and procedures (accessible at https://www.dhs.gov/dhs-security-and-training-requirements-contractors) that also address the safeguarding of CUI. Compliance with these policies and procedures, as amended, is required.

(b) DHS requires contractor employees that require recurring access to government facilities or access to CUI to complete such forms as may be necessary for security or other reasons, including the conduct of background investigations to determine fitness. Department policies and procedures that address contractor employee fitness are contained in Instruction Handbook Number 121–01–007, The Department of Homeland Security Personnel Suitability and Security Program. Compliance with these policies and procedures, as amended, is required.