• Requirement

    1. Include organizational data ownership requirements in the acquisition contract; and
    2. Require all data to be removed from the contractor’s system and returned to the organization within [Assignment: organization-defined time frame].
  • Discussion

    Contractors who operate a system that contains data owned by an organization initiating the contract have policies and procedures in place to remove the data from their systems and/or return the data in a time frame defined by the contract.

More Info

  • Title

    Acquisition Process | Data Ownership
  • Family

    System and Services Acquisition
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!