Federal Acquisition Regulation; FAR Case 2005-017, Requirement to Purchase Approved Authentication Products and Services, 49405-49407 [06-7088]

Download as PDF Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules Census Bureau data indicate that there are 858 U.S. firms that manufacture radio and television broadcasting and communications equipment, and that 778 of these firms have fewer than 750 employees and would therefore be classified as small entities. We do not have information that indicates how many of the six radio equipment manufacturers associated with this proceeding are among these 778 firms. Motorola, however, is a major, nationwide radio equipment manufacturer, and thus, we conclude that it would not qualify as a small business. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 32. The NPRM neither proposes nor anticipates any additional reporting, recordkeeping or other compliance measures. Steps Taken To Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered 33. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include the following four alternatives (among others): (1) The establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for small entities. 34. The NPRM solicits comment on various proposals set forth herein. For example, the Commission seeks comment on its proposal to authorize use of frequency 173.075 MHz by rule rather than by individual licensing. These proposals are made to reduce the regulatory burden for SVRS licensees, most of whom are small police entities. sroberts on PROD1PC70 with PROPOSALS Federal Rules That May Duplicate, Overlap, or Conflict With the Proposed Rules 35. None. III. Ordering Clauses 36. Pursuant to sections 4(i), 303(f) and (r), and 332 of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 303(f), 303(r), 332, this Notice of Proposed Rulemaking is adopted. 37. It is further ordered that the Commission’s Consumer and Government Affairs Bureau, Reference VerDate Aug<31>2005 15:59 Aug 22, 2006 Jkt 208001 Information Center, shall send a copy of the Notice of Proposed Rulemaking including the Initial Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration. List of Subjects in 47 CFR Part 90 Communications equipment, Radio. Federal Communications Commission. William F. Caton, Deputy Secretary. Proposed Rules For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 CFR part 90 as follows: PART 90—PRIVATE LAND MOBILE RADIO SERVICES 1. The authority citation for part 90 continues to read as follows: Authority: Sections 4(i), 11, 303(g), 303(r) and 332(c)(7) of the Communications Act of 1934 as amended, 47 U.S.C. 154(i), 161, 303(g), 303(r), 332(c)(7). 2. Section 90.20 is amended by revising paragraph (e)(6) to read as follows: § 90.20 Public Safety Pool. * * * * * (e) * * * (6) The frequency 173.075 MHz is available for stolen vehicle recovery systems on a shared basis with the Federal Government. (i) Base station transmitters are limited to 300 watts ERP, regardless of the maximum authorized bandwidth. (ii) Mobile transmitters operating on this frequency with emissions authorized in a maximum bandwidth of 12.5 kHz are limited to 5.0 watts power output. Mobile transmitters operating on this frequency with emissions authorized in a maximum bandwidth of 20 kHz are limited to 2.5 watts power output. (iii) Any modulation scheme may be used. (iv) Transmissions from mobiles authorized to operate with a maximum bandwidth of 20 kHz shall be limited to 200 milliseconds for every 10 seconds, except when a vehicle is being tracked actively transmissions are limited to 200 milliseconds for every second; transmissions for mobiles authorized to operate with a maximum bandwidth of 12.5 kHz shall be limited to 400 milliseconds for every 10 seconds, except when a vehicle is being tracked actively transmissions are limited to 400 milliseconds for every second. Alternatively, transmissions from mobiles regardless of their maximum PO 00000 Frm 00021 Fmt 4702 Sfmt 4702 49405 emission bandwidth shall be limited to 1800 milliseconds for every 300 seconds with a maximum of six such messages in any 30 minute period. (v) Transmissions from base stations shall be limited to a total rate of five seconds every minute regardless of the maximum authorized bandwidth. (vi) Applications for base stations operating on this frequency shall require coordination with the Federal Government. Applicants shall perform an analysis for each base station that is located within 169 km (105 miles) of a TV Channel 7 transmitter of potential interference to TV Channel 7 viewers. Such base stations will be authorized if the applicant has limited the interference contour to include fewer than 100 residences or if the applicant: (A) Shows that the proposed site is the only suitable location (which, at the application stage, requires a showing that the proposed site is especially wellsuited to provide the proposed service); (B) Develops a plan to control any interference caused to TV reception from operations; and (C) Agrees to make such adjustments in the TV receivers affected as may be necessary to eliminate interference caused by its operations. The licensee must eliminate any interference caused by its operation to TV Channel 7 reception within 30 days after notification in writing by the Commission. If this interference is not removed within this 30-day period, operation of the base station must be discontinued. The licensee is expected to help resolve all complaints of interference. * * * * * [FR Doc. E6–13743 Filed 8–22–06; 8:45 am] BILLING CODE 6712–01–P DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Part 4 [FAR Case 2005–017; Docket 2006–0020; Sequence 6] RIN 9000–AK53 Federal Acquisition Regulation; FAR Case 2005–017, Requirement to Purchase Approved Authentication Products and Services Department of Defense (DoD), General Services Administration (GSA), AGENCIES: E:\FR\FM\23AUP1.SGM 23AUP1 49406 Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules and National Aeronautics and Space Administration (NASA). ACTION: A. Background Proposed rule. SUMMARY: The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) are proposing to amend the Federal Acquisition Regulation (FAR) to address the acquisition of products and services for personal identity verification that comply with requirements in Homeland Security Presidential Directive (HSPD) 12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors,’’ and Federal Information Processing Standards Publication (FIPS PUB) 201, ‘‘Personal Identity Verification of Federal Employees and Contractors’’. Interested parties should submit written comments to the FAR Secretariat on or before October 23, 2006 to be considered in the formulation of a final rule. DATES: Submit comments identified by FAR case 2005–017 by any of the following methods: • Federal eRulemaking Portal: http:// www.regulations.gov. Search for this document at the ‘‘Federal Acquisition Regulation’’ agency and review the ‘‘Document Title’’ column; click on the Document ID number. Click on ‘‘comments’’. You may also search for any document using the ‘‘Advanced search/ document search’’ tab, selecting from the agency field ‘‘Federal Acquisition Regulation’’, and typing the FAR case number in the keyword field. • Fax: 202–501–4067. • Mail: General Services Administration, Regulatory Secretariat (VIR), 1800 F Street, NW, Room 4035, ATTN: Laurieann Duarte, Washington, DC 20405. Instructions: Please submit comments only and cite FAR case 2005–017 in all correspondence related to this case. All comments received will be posted without change to http:// www.regulations.gov, including any personal and/or business confidential information provided. ADDRESSES: For clarification of content, contact Mr. Michael Jackson, Procurement Analyst, at (202) 208–4949. For information pertaining to status or publication schedules, contact the FAR Secretariat at (202) 501–4755. Please cite FAR case 2005–017. sroberts on PROD1PC70 with PROPOSALS FOR FURTHER INFORMATION CONTACT: SUPPLEMENTARY INFORMATION: VerDate Aug<31>2005 15:59 Aug 22, 2006 Jkt 208001 Increasingly, contractors are required to have physical access to federally controlled facilities and information systems in the performance of Government contracts. On August 27, 2004, in response to the general threat of unauthorized access to physical facilities and information systems, the President issued Homeland Security Presidential Directive (HSPD) 12. The primary objectives of HSPD–12 are to establish a process to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Governmentwide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors. In accordance with HSPD–12, the Secretary of Commerce issued on February 25, 2005, Federal Information Processing Standards Publication (FIPS PUB) 201, Personal Identity Verification of Federal Employees and Contractors, to establish a Governmentwide standard for secure and reliable forms of identification for Federal and contractor employees. FIPS PUB 201 is available at http://www.smartcardalliance.org/pdf/ industrylinfo/FIPSl201l022505.pdf. The associated Office of Management and Budget (OMB) guidance, M–05–24, dated August 5, 2005, can be found at http://www.whitehouse.gov/omb/ memoranda/fy2005/m05–24.pdf. In accordance with requirements in HSPD–12 and OMB Memorandum M– 05–24, agencies must— (a) Issue and require the use of identity credentials that are compliant with the technical requirements of FIPS PUB 201 and associated guidance issued by the National Institute for Standards and Technology in the areas of personal authentication, access controls and card management; and (b) Agencies may acquire authentication products and services that are approved to be compliant with the FIPS PUB 201 through Special Item Number (SIN) 132–62, HSPD–12 Product and Service Components, made available by GSA under Federal Supply Schedule 70. GSA is developing an informational Web site (idmanagement.gov) that will provide a one-stop shop for citizens, businesses, and government entities interested in identity management activities. The site will provide information on HSPD–12 and eAuthentication acquisition vehicles and processes. This proposed rule revises Subpart 4.13 by adding two new sections on the scope of the subpart, and the acquisition of approved products and services; the PO 00000 Frm 00022 Fmt 4702 Sfmt 4702 existing sections are revised and renumbered. This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. B. Regulatory Flexibility Act The changes may have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq. HSPD–12 requires agencies to procure PIV products and services that comply with the FIPS PUB 201 standard. NIST has established the NIST Personal Identity Verification Program (NPIVP) (http:// csrc.nist.gov/npivp) to validate Personal Identity Verification (PIV) components and sub-systems required by Federal Information Processing Standards Publication (FIPS PUB) 201 that meet the NPIVP requirements. The validation tests are performed by third party laboratories that are accredited through NIST’s National Voluntary Laboratory Accreditation Program. Vendors are required to obtain validation testing and certification from an accredited laboratory. The testing is performed on a fee basis. The number and extent of testing will depend on the nature of the product or service being tested. The test protocols are still under development. The impact on small entities will, therefore, be variable depending on the nature of the product/ service being validated. These standards and testing policies may affect small business concerns in terms of their ability to compete and win Federal contracts. The extent of the effect and impact on small business concerns is unknown and will vary by product and service due to the wide variances among product and service functionality and design. An Initial Regulatory Flexibility Analysis (IRFA) has been prepared. The analysis is summarized as follows: 1. Description of the reasons why the action is being taken. This proposed rule amends the Federal Acquisition Regulation to implement the provisions of Homeland Security Presidential Directive 12 (HSPD–12) and Federal Information Processing Standards Publication Number 201 (FIPS PUB 201). 2. Succinct statement of the objectives of, and legal basis for, the rule. The rule implements the provisions of HSPD–12 that require agencies to purchase PIV products and services that are approved to comply with the FIPS PUB 201 standard and that are interoperable among agencies. 3. Description of and, where feasible, estimate of the number of small entities to which the rule will apply. E:\FR\FM\23AUP1.SGM 23AUP1 Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules 49407 The FAR rule requires that agencies acquire PIV products and services that comply with the FIPS PUB 201 standard. The impact on small entities will, therefore, vary depending on the approval process for vendor products and services. 4. Description of projected reporting, recordkeeping, and other compliance requirements of the rule, including an estimate of the classes of small entities which will be subject to the requirement and the type of professional skills necessary for preparation of the report or record. The rule does not impose any new reporting, recordkeeping, or compliance requirements. 5. Identification, to the extent practicable, of all relevant Federal rules which may duplicate, overlap, or conflict with the rule. The rule does not duplicate, overlap, or conflict with any other Federal rules. 6. Description of any significant alternatives to the rule which accomplish the stated objectives of applicable statutes and which minimize any significant economic impact of the rule on small entities. There are no practical alternatives that will accomplish the objectives of HSPD–12. Sec. 4.1300 Scope of subpart. 4.1301 Contractual implementation of personal identity verification requirement. 4.1302 Acquisition of approved products and services for personal identity verification. 4.1303 Contract clause. (2) Ensuring interoperability and conformance to applicable Federal standards for the lifecycle of the components; and (3) Maintaining a written plan for ensuring ongoing conformance to applicable Federal standards for the lifecycle of the components. 4.1300 4.1303 This subpart provides policy and procedures associated with Personal Identity Verification as required by— (a) Federal Information Processing Standards Publication (FIPS PUB) Number 201, ‘‘Personal Identity Verification of Federal Employees and Contractors’’; and (b) Office of Management and Budget (OMB) guidance M–05–24, dated August 5, 2005, ‘‘Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors’’. The Contracting Officer shall insert the clause at 52.204–9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have physical access to a federally-controlled facility or access to a federally-controlled information system. The FAR Secretariat has submitted a copy of the IRFA to the Chief Counsel for Advocacy of the Small Business Administration. A copy of the IRFA may be obtained from the FAR Secretariat. The Councils will consider comments from small entities concerning the affected FAR Part 4 in accordance with 5 U.S.C. 610. Comments must be submitted separately and should cite 5 U.S.C 601, et seq. (FAR case 2005–017), in correspondence. 4.1301 Contractual implementation of personal identity verification requirement. National Highway Traffic Safety Administration C. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the proposed changes to the FAR do not impose information collection requirements that require the approval of the Office of Management and Budget under 44 U.S.C. 3501, et seq. Government procurement. Dated: August 17, 2006. Ralph De Stefano, Director, Contract Policy Division. Therefore, DoD, GSA, and NASA propose amending 48 CFR part 4 as set forth below: PART 4—ADMINISTRATIVE MATTERS sroberts on PROD1PC70 with PROPOSALS Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 U.S.C. 2473(c). 2. Revise Subpart 4.13 to read as follows: Subpart 4.13—Personal Identity Verification VerDate Aug<31>2005 17:07 Aug 22, 2006 Jkt 208001 (a) Agencies must follow FIPS PUB 201 and the associated OMB implementation guidance for personal identity verification for all affected contractor and subcontractor personnel when contract performance requires contractors to have physical access to a federally-controlled facility or access to a Federal information system. (b) Agencies must include their implementation of FIPS PUB 201 and OMB guidance M–05–24, in solicitations and contracts that require the contractor to have physical access to a federally-controlled facility or access to a Federal information system. (c) Agencies must designate an official responsible for verifying contractor employee personal identity. 4.1302 Acquisition of approved products and services for personal identity verification. List of Subjects in 48 CFR Part 4 1. The authority citation for 48 CFR part 4 continues to read as follows: Scope of subpart. (a) In order to comply with FIPS PUB 201, agencies must only purchase approved personal identity verification products and services. Agencies may acquire the approved products and services from the GSA, Federal Supply Schedule 70, Special Item Number (SIN) 132–62, HSPD–12 Product and Service Components. (b) When acquiring personal identity verification products and services not using the process in paragraph (a) of this section, agencies must ensure that the applicable products and services are approved as compliant with FIPS PUB 201 including— (1) Certifying the products and services procured meet all applicable Federal standards and requirements; PO 00000 Frm 00023 Fmt 4702 Sfmt 4702 Contract clause. [FR Doc. 06–7088 Filed 8–22–06; 8:45 am] BILLING CODE 6820–EP–S DEPARTMENT OF TRANSPORTATION 49 CFR Part 531 [Docket No. NHTSA–2006–25593] Exemptions From Average Fuel Economy Standards; Passenger Automobile Average Fuel Economy Standards National Highway Traffic Safety Administration (NHTSA), Department of Transportation (DOT). ACTION: Proposed Decision to Grant Exemption. AGENCY: SUMMARY: This proposed decision responds to a petition filed by Spyker Automobielen B.V. (Spyker) requesting that it be exempted from the generally applicable average fuel economy standard of 27.5 miles per gallon (mpg) for model years 2006 and 2007, and that, for Spyker, lower alternative standards be established. In this document, NHTSA proposes that the requested exemption be granted to Spyker and that alternative standards of 18.9 mpg be established for MY’s 2006 and 2007. DATES: Comments on this proposed decision must be received on or before September 22, 2006. ADDRESSES: You may submit comments by any of the following methods: • Web site: http://dms.dot.gov. Follow the instructions for submitting comments on the DOT electronic docket site. • Fax: 1–202–493–2251. • Mail: Docket Management Facility; U.S. Department of Transportation, 400 E:\FR\FM\23AUP1.SGM 23AUP1

Agencies

[Federal Register Volume 71, Number 163 (Wednesday, August 23, 2006)]
[Proposed Rules]
[Pages 49405-49407]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-7088]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

GENERAL SERVICES ADMINISTRATION

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Part 4

[FAR Case 2005-017; Docket 2006-0020; Sequence 6]
RIN 9000-AK53


Federal Acquisition Regulation; FAR Case 2005-017, Requirement to 
Purchase Approved Authentication Products and Services

AGENCIES: Department of Defense (DoD), General Services Administration 
(GSA),

[[Page 49406]]

and National Aeronautics and Space Administration (NASA).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Civilian Agency Acquisition Council and the Defense 
Acquisition Regulations Council (Councils) are proposing to amend the 
Federal Acquisition Regulation (FAR) to address the acquisition of 
products and services for personal identity verification that comply 
with requirements in Homeland Security Presidential Directive (HSPD) 
12, ``Policy for a Common Identification Standard for Federal Employees 
and Contractors,'' and Federal Information Processing Standards 
Publication (FIPS PUB) 201, ``Personal Identity Verification of Federal 
Employees and Contractors''.

DATES: Interested parties should submit written comments to the FAR 
Secretariat on or before October 23, 2006 to be considered in the 
formulation of a final rule.

ADDRESSES: Submit comments identified by FAR case 2005-017 by any of 
the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Search for this document at the ``Federal Acquisition Regulation'' 
agency and review the ``Document Title'' column; click on the Document 
ID number. Click on ``comments''.
    You may also search for any document using the ``Advanced search/
document search'' tab, selecting from the agency field ``Federal 
Acquisition Regulation'', and typing the FAR case number in the keyword 
field.
     Fax: 202-501-4067.
     Mail: General Services Administration, Regulatory 
Secretariat (VIR), 1800 F Street, NW, Room 4035, ATTN: Laurieann 
Duarte, Washington, DC 20405.
    Instructions: Please submit comments only and cite FAR case 2005-
017 in all correspondence related to this case. All comments received 
will be posted without change to http://www.regulations.gov, including 
any personal and/or business confidential information provided.

FOR FURTHER INFORMATION CONTACT: For clarification of content, contact 
Mr. Michael Jackson, Procurement Analyst, at (202) 208-4949. For 
information pertaining to status or publication schedules, contact the 
FAR Secretariat at (202) 501-4755. Please cite FAR case 2005-017.

SUPPLEMENTARY INFORMATION:

A. Background

    Increasingly, contractors are required to have physical access to 
federally controlled facilities and information systems in the 
performance of Government contracts. On August 27, 2004, in response to 
the general threat of unauthorized access to physical facilities and 
information systems, the President issued Homeland Security 
Presidential Directive (HSPD) 12. The primary objectives of HSPD-12 are 
to establish a process to enhance security, increase Government 
efficiency, reduce identity fraud, and protect personal privacy by 
establishing a mandatory, Governmentwide standard for secure and 
reliable forms of identification issued by the Federal Government to 
its employees and contractors. In accordance with HSPD-12, the 
Secretary of Commerce issued on February 25, 2005, Federal Information 
Processing Standards Publication (FIPS PUB) 201, Personal Identity 
Verification of Federal Employees and Contractors, to establish a 
Governmentwide standard for secure and reliable forms of identification 
for Federal and contractor employees. FIPS PUB 201 is available at 
http://www.smartcardalliance.org/pdf/industry_info/FIPS_201_
022505.pdf. The associated Office of Management and Budget (OMB) 
guidance, M-05-24, dated August 5, 2005, can be found at http://
www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf.
    In accordance with requirements in HSPD-12 and OMB Memorandum M-05-
24, agencies must--
    (a) Issue and require the use of identity credentials that are 
compliant with the technical requirements of FIPS PUB 201 and 
associated guidance issued by the National Institute for Standards and 
Technology in the areas of personal authentication, access controls and 
card management; and
    (b) Agencies may acquire authentication products and services that 
are approved to be compliant with the FIPS PUB 201 through Special Item 
Number (SIN) 132-62, HSPD-12 Product and Service Components, made 
available by GSA under Federal Supply Schedule 70. GSA is developing an 
informational Web site (idmanagement.gov) that will provide a one-stop 
shop for citizens, businesses, and government entities interested in 
identity management activities. The site will provide information on 
HSPD-12 and eAuthentication acquisition vehicles and processes.
    This proposed rule revises Subpart 4.13 by adding two new sections 
on the scope of the subpart, and the acquisition of approved products 
and services; the existing sections are revised and renumbered. This is 
not a significant regulatory action and, therefore, was not subject to 
review under Section 6(b) of Executive Order 12866, Regulatory Planning 
and Review, dated September 30, 1993. This rule is not a major rule 
under 5 U.S.C. 804.

B. Regulatory Flexibility Act

    The changes may have a significant economic impact on a substantial 
number of small entities within the meaning of the Regulatory 
Flexibility Act, 5 U.S.C. 601, et seq. HSPD-12 requires agencies to 
procure PIV products and services that comply with the FIPS PUB 201 
standard. NIST has established the NIST Personal Identity Verification 
Program (NPIVP) (http://csrc.nist.gov/npivp) to validate Personal 
Identity Verification (PIV) components and sub-systems required by 
Federal Information Processing Standards Publication (FIPS PUB) 201 
that meet the NPIVP requirements. The validation tests are performed by 
third party laboratories that are accredited through NIST's National 
Voluntary Laboratory Accreditation Program.
    Vendors are required to obtain validation testing and certification 
from an accredited laboratory. The testing is performed on a fee basis. 
The number and extent of testing will depend on the nature of the 
product or service being tested. The test protocols are still under 
development. The impact on small entities will, therefore, be variable 
depending on the nature of the product/service being validated. These 
standards and testing policies may affect small business concerns in 
terms of their ability to compete and win Federal contracts. The extent 
of the effect and impact on small business concerns is unknown and will 
vary by product and service due to the wide variances among product and 
service functionality and design. An Initial Regulatory Flexibility 
Analysis (IRFA) has been prepared. The analysis is summarized as 
follows:

    1. Description of the reasons why the action is being taken.
    This proposed rule amends the Federal Acquisition Regulation to 
implement the provisions of Homeland Security Presidential Directive 
12 (HSPD-12) and Federal Information Processing Standards 
Publication Number 201 (FIPS PUB 201).
    2. Succinct statement of the objectives of, and legal basis for, 
the rule.
    The rule implements the provisions of HSPD-12 that require 
agencies to purchase PIV products and services that are approved to 
comply with the FIPS PUB 201 standard and that are interoperable 
among agencies.
    3. Description of and, where feasible, estimate of the number of 
small entities to which the rule will apply.

[[Page 49407]]

    The FAR rule requires that agencies acquire PIV products and 
services that comply with the FIPS PUB 201 standard. The impact on 
small entities will, therefore, vary depending on the approval 
process for vendor products and services.
    4. Description of projected reporting, recordkeeping, and other 
compliance requirements of the rule, including an estimate of the 
classes of small entities which will be subject to the requirement 
and the type of professional skills necessary for preparation of the 
report or record.
    The rule does not impose any new reporting, recordkeeping, or 
compliance requirements.
    5. Identification, to the extent practicable, of all relevant 
Federal rules which may duplicate, overlap, or conflict with the 
rule.
    The rule does not duplicate, overlap, or conflict with any other 
Federal rules.
    6. Description of any significant alternatives to the rule which 
accomplish the stated objectives of applicable statutes and which 
minimize any significant economic impact of the rule on small 
entities.
    There are no practical alternatives that will accomplish the 
objectives of HSPD-12.

    The FAR Secretariat has submitted a copy of the IRFA to the Chief 
Counsel for Advocacy of the Small Business Administration. A copy of 
the IRFA may be obtained from the FAR Secretariat. The Councils will 
consider comments from small entities concerning the affected FAR Part 
4 in accordance with 5 U.S.C. 610. Comments must be submitted 
separately and should cite 5 U.S.C 601, et seq. (FAR case 2005-017), in 
correspondence.

C. Paperwork Reduction Act

    The Paperwork Reduction Act does not apply because the proposed 
changes to the FAR do not impose information collection requirements 
that require the approval of the Office of Management and Budget under 
44 U.S.C. 3501, et seq.

List of Subjects in 48 CFR Part 4

    Government procurement.

    Dated: August 17, 2006.
Ralph De Stefano,
Director, Contract Policy Division.

    Therefore, DoD, GSA, and NASA propose amending 48 CFR part 4 as set 
forth below:

PART 4--ADMINISTRATIVE MATTERS

    1. The authority citation for 48 CFR part 4 continues to read as 
follows:

    Authority:  40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 
U.S.C. 2473(c).

    2. Revise Subpart 4.13 to read as follows:

Subpart 4.13--Personal Identity Verification

Sec.
4.1300 Scope of subpart.
4.1301 Contractual implementation of personal identity verification 
requirement.
4.1302 Acquisition of approved products and services for personal 
identity verification.
4.1303 Contract clause.


4.1300  Scope of subpart.

    This subpart provides policy and procedures associated with 
Personal Identity Verification as required by--
    (a) Federal Information Processing Standards Publication (FIPS PUB) 
Number 201, ``Personal Identity Verification of Federal Employees and 
Contractors''; and
    (b) Office of Management and Budget (OMB) guidance M-05-24, dated 
August 5, 2005, ``Implementation of Homeland Security Presidential 
Directive (HSPD) 12--Policy for a Common Identification Standard for 
Federal Employees and Contractors''.


4.1301  Contractual implementation of personal identity verification 
requirement.

    (a) Agencies must follow FIPS PUB 201 and the associated OMB 
implementation guidance for personal identity verification for all 
affected contractor and subcontractor personnel when contract 
performance requires contractors to have physical access to a 
federally-controlled facility or access to a Federal information 
system.
    (b) Agencies must include their implementation of FIPS PUB 201 and 
OMB guidance M-05-24, in solicitations and contracts that require the 
contractor to have physical access to a federally-controlled facility 
or access to a Federal information system.
    (c) Agencies must designate an official responsible for verifying 
contractor employee personal identity.


4.1302  Acquisition of approved products and services for personal 
identity verification.

    (a) In order to comply with FIPS PUB 201, agencies must only 
purchase approved personal identity verification products and services. 
Agencies may acquire the approved products and services from the GSA, 
Federal Supply Schedule 70, Special Item Number (SIN) 132-62, HSPD-12 
Product and Service Components.
    (b) When acquiring personal identity verification products and 
services not using the process in paragraph (a) of this section, 
agencies must ensure that the applicable products and services are 
approved as compliant with FIPS PUB 201 including--
    (1) Certifying the products and services procured meet all 
applicable Federal standards and requirements;
    (2) Ensuring interoperability and conformance to applicable Federal 
standards for the lifecycle of the components; and
    (3) Maintaining a written plan for ensuring ongoing conformance to 
applicable Federal standards for the lifecycle of the components.


4.1303  Contract clause.

    The Contracting Officer shall insert the clause at 52.204-9, 
Personal Identity Verification of Contractor Personnel, in 
solicitations and contracts when contract performance requires 
contractors to have physical access to a federally-controlled facility 
or access to a federally-controlled information system.
[FR Doc. 06-7088 Filed 8-22-06; 8:45 am]
BILLING CODE 6820-EP-S