As prescribed in AIDAR 739.106(d), insert the following clause in Section I of solicitations and contracts:
(a) Definitions. As used in this contract: Project Website means a website that is:
(1) funded under this contract;
(2) hosted outside of a Federal Government domain (i.e., “.gov”);
(3) operated exclusively by the Contractor, who is responsible for all website content, operations and management, information security, and disposition of the website;
(4) not operated by or on behalf of USAID; and
(5) does not provide official USAID communications, information, or services.
(b) Requirements. The Contractor must adhere to the following requirements when developing, launching, or maintaining a Project Website:
(1) Domain name. The domain name of the website must not contain the term “USAID”. The domain name must be registered in the Contractor's business name with the relevant domain registrar on the relevant domain name registry.
(2) Information to be collected. In the website, the Contractor may collect only the amount of information necessary to complete the specific business need. The Contractor must not collect or store privacy information that is unnecessary for the website to operate, or is prohibited by statute, regulation, or Executive Order.
(3) Disclaimer. The website must be marked on the index page of the site and every major entry point to the website with a disclaimer that states: “The information provided on this website is not official U.S. Government information and does not represent the views or positions of the U.S. Agency for International Development or the U.S. Government.”
(4) Accessibility. To comply with the requirements of the Section 508 of the Rehabilitation Act, as amended (29 U.S.C. 794d), the Contractor must ensure the website meets all applicable accessibility standards (“Web-based intranet and internet information and applications”) at 36 CFR part 1194, Appendix D.
(5) Information security: The Contractor is solely responsible for the information security of the website. This includes incident response activities as well as all security safeguards, including adequate protection from unauthorized access, alteration, disclosure, or misuse of information collected, processed, stored, transmitted, or published on the website. The Contractor must minimize and mitigate security risks, promote the integrity and availability of website information, and use state-of-the-art: system/software management; engineering and development; event logging; and secure-coding practices that are equal to or better than USAID standards and information security best practices. Rigorous security safeguards, including but not limited to, virus protection; network intrusion detection and prevention programs; and vulnerability management systems must be implemented and critical security issues must be resolved within 30 calendar days.
(c) Disposition. At least 120 days prior to the contract end date, unless otherwise approved by the Contracting Officer, the Contractor must submit for the Contracting Officer's approval a disposition plan that addresses how any Project Website funded under this contract will be transitioned to another entity or decommissioned and archived. If the website will be transitioned to another entity, the disposition plan must provide details on the Contractor's proposed approach for the transfer of associated electronic records, technical documentation regarding the website's development and maintenance, and event logs. Prior to the end of the contract, the Contractor must comply with the disposition plan approved by the Contracting Officer.
(d) Subcontracts. The Contractor must insert this clause in all subcontracts that involve the development, launch, or maintenance of a Project Website. The Contractor is responsible for the submission of any information as required under paragraphs (b) and (c) of this clause.