Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy Policy, and FISMA-related FAR and HHSAR requirements. This policy does not apply to national security systems as defined in FISMA.