Federal Acquisition Regulation; FAR Case 2005-017, Requirement to Purchase Approved Authentication Products and Services, 49405-49407 [06-7088]
Download as PDF
<![CDATA[
Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules
Census Bureau data indicate that there
are 858 U.S. firms that manufacture
radio and television broadcasting and
communications equipment, and that
778 of these firms have fewer than 750
employees and would therefore be
classified as small entities. We do not
have information that indicates how
many of the six radio equipment
manufacturers associated with this
proceeding are among these 778 firms.
Motorola, however, is a major,
nationwide radio equipment
manufacturer, and thus, we conclude
that it would not qualify as a small
business.
Description of Projected Reporting,
Recordkeeping, and Other Compliance
Requirements
32. The NPRM neither proposes nor
anticipates any additional reporting,
recordkeeping or other compliance
measures.
Steps Taken To Minimize Significant
Economic Impact on Small Entities, and
Significant Alternatives Considered
33. The RFA requires an agency to
describe any significant alternatives that
it has considered in reaching its
proposed approach, which may include
the following four alternatives (among
others): (1) The establishment of
differing compliance or reporting
requirements or timetables that take into
account the resources available to small
entities; (2) the clarification,
consolidation, or simplification of
compliance or reporting requirements
under the rule for small entities; (3) the
use of performance, rather than design,
standards; and (4) an exemption from
coverage of the rule, or any part thereof,
for small entities.
34. The NPRM solicits comment on
various proposals set forth herein. For
example, the Commission seeks
comment on its proposal to authorize
use of frequency 173.075 MHz by rule
rather than by individual licensing.
These proposals are made to reduce the
regulatory burden for SVRS licensees,
most of whom are small police entities.
sroberts on PROD1PC70 with PROPOSALS
Federal Rules That May Duplicate,
Overlap, or Conflict With the Proposed
Rules
35. None.
III. Ordering Clauses
36. Pursuant to sections 4(i), 303(f)
and (r), and 332 of the Communications
Act of 1934, as amended, 47 U.S.C.
154(i), 303(f), 303(r), 332, this Notice of
Proposed Rulemaking is adopted.
37. It is further ordered that the
Commission’s Consumer and
Government Affairs Bureau, Reference
VerDate Aug<31>2005
15:59 Aug 22, 2006
Jkt 208001
Information Center, shall send a copy of
the Notice of Proposed Rulemaking
including the Initial Regulatory
Flexibility Analysis, to the Chief
Counsel for Advocacy of the Small
Business Administration.
List of Subjects in 47 CFR Part 90
Communications equipment, Radio.
Federal Communications Commission.
William F. Caton,
Deputy Secretary.
Proposed Rules
For the reasons discussed in the
preamble, the Federal Communications
Commission proposes to amend 47 CFR
part 90 as follows:
PART 90—PRIVATE LAND MOBILE
RADIO SERVICES
1. The authority citation for part 90
continues to read as follows:
Authority: Sections 4(i), 11, 303(g), 303(r)
and 332(c)(7) of the Communications Act of
1934 as amended, 47 U.S.C. 154(i), 161,
303(g), 303(r), 332(c)(7).
2. Section 90.20 is amended by
revising paragraph (e)(6) to read as
follows:
§ 90.20
Public Safety Pool.
*
*
*
*
*
(e) * * *
(6) The frequency 173.075 MHz is
available for stolen vehicle recovery
systems on a shared basis with the
Federal Government.
(i) Base station transmitters are
limited to 300 watts ERP, regardless of
the maximum authorized bandwidth.
(ii) Mobile transmitters operating on
this frequency with emissions
authorized in a maximum bandwidth of
12.5 kHz are limited to 5.0 watts power
output. Mobile transmitters operating on
this frequency with emissions
authorized in a maximum bandwidth of
20 kHz are limited to 2.5 watts power
output.
(iii) Any modulation scheme may be
used.
(iv) Transmissions from mobiles
authorized to operate with a maximum
bandwidth of 20 kHz shall be limited to
200 milliseconds for every 10 seconds,
except when a vehicle is being tracked
actively transmissions are limited to 200
milliseconds for every second;
transmissions for mobiles authorized to
operate with a maximum bandwidth of
12.5 kHz shall be limited to 400
milliseconds for every 10 seconds,
except when a vehicle is being tracked
actively transmissions are limited to 400
milliseconds for every second.
Alternatively, transmissions from
mobiles regardless of their maximum
PO 00000
Frm 00021
Fmt 4702
Sfmt 4702
49405
emission bandwidth shall be limited to
1800 milliseconds for every 300 seconds
with a maximum of six such messages
in any 30 minute period.
(v) Transmissions from base stations
shall be limited to a total rate of five
seconds every minute regardless of the
maximum authorized bandwidth.
(vi) Applications for base stations
operating on this frequency shall require
coordination with the Federal
Government. Applicants shall perform
an analysis for each base station that is
located within 169 km (105 miles) of a
TV Channel 7 transmitter of potential
interference to TV Channel 7 viewers.
Such base stations will be authorized if
the applicant has limited the
interference contour to include fewer
than 100 residences or if the applicant:
(A) Shows that the proposed site is
the only suitable location (which, at the
application stage, requires a showing
that the proposed site is especially wellsuited to provide the proposed service);
(B) Develops a plan to control any
interference caused to TV reception
from operations; and
(C) Agrees to make such adjustments
in the TV receivers affected as may be
necessary to eliminate interference
caused by its operations. The licensee
must eliminate any interference caused
by its operation to TV Channel 7
reception within 30 days after
notification in writing by the
Commission. If this interference is not
removed within this 30-day period,
operation of the base station must be
discontinued. The licensee is expected
to help resolve all complaints of
interference.
*
*
*
*
*
[FR Doc. E6–13743 Filed 8–22–06; 8:45 am]
BILLING CODE 6712–01–P
DEPARTMENT OF DEFENSE
GENERAL SERVICES
ADMINISTRATION
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
48 CFR Part 4
[FAR Case 2005–017; Docket 2006–0020;
Sequence 6]
RIN 9000–AK53
Federal Acquisition Regulation; FAR
Case 2005–017, Requirement to
Purchase Approved Authentication
Products and Services
Department of Defense (DoD),
General Services Administration (GSA),
AGENCIES:
E:\FR\FM\23AUP1.SGM
23AUP1
49406
Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules
and National Aeronautics and Space
Administration (NASA).
ACTION:
A. Background
Proposed rule.
SUMMARY: The Civilian Agency
Acquisition Council and the Defense
Acquisition Regulations Council
(Councils) are proposing to amend the
Federal Acquisition Regulation (FAR) to
address the acquisition of products and
services for personal identity
verification that comply with
requirements in Homeland Security
Presidential Directive (HSPD) 12,
‘‘Policy for a Common Identification
Standard for Federal Employees and
Contractors,’’ and Federal Information
Processing Standards Publication (FIPS
PUB) 201, ‘‘Personal Identity
Verification of Federal Employees and
Contractors’’.
Interested parties should submit
written comments to the FAR
Secretariat on or before October 23,
2006 to be considered in the
formulation of a final rule.
DATES:
Submit comments
identified by FAR case 2005–017 by any
of the following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Search for this
document at the ‘‘Federal Acquisition
Regulation’’ agency and review the
‘‘Document Title’’ column; click on the
Document ID number. Click on
‘‘comments’’.
You may also search for any
document using the ‘‘Advanced search/
document search’’ tab, selecting from
the agency field ‘‘Federal Acquisition
Regulation’’, and typing the FAR case
number in the keyword field.
• Fax: 202–501–4067.
• Mail: General Services
Administration, Regulatory Secretariat
(VIR), 1800 F Street, NW, Room 4035,
ATTN: Laurieann Duarte, Washington,
DC 20405.
Instructions: Please submit comments
only and cite FAR case 2005–017 in all
correspondence related to this case. All
comments received will be posted
without change to https://
www.regulations.gov, including any
personal and/or business confidential
information provided.
ADDRESSES:
For
clarification of content, contact Mr.
Michael Jackson, Procurement Analyst,
at (202) 208–4949. For information
pertaining to status or publication
schedules, contact the FAR Secretariat
at (202) 501–4755. Please cite FAR case
2005–017.
sroberts on PROD1PC70 with PROPOSALS
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION:
VerDate Aug<31>2005
15:59 Aug 22, 2006
Jkt 208001
Increasingly, contractors are required
to have physical access to federally
controlled facilities and information
systems in the performance of
Government contracts. On August 27,
2004, in response to the general threat
of unauthorized access to physical
facilities and information systems, the
President issued Homeland Security
Presidential Directive (HSPD) 12. The
primary objectives of HSPD–12 are to
establish a process to enhance security,
increase Government efficiency, reduce
identity fraud, and protect personal
privacy by establishing a mandatory,
Governmentwide standard for secure
and reliable forms of identification
issued by the Federal Government to its
employees and contractors. In
accordance with HSPD–12, the
Secretary of Commerce issued on
February 25, 2005, Federal Information
Processing Standards Publication (FIPS
PUB) 201, Personal Identity Verification
of Federal Employees and Contractors,
to establish a Governmentwide standard
for secure and reliable forms of
identification for Federal and contractor
employees. FIPS PUB 201 is available at
https://www.smartcardalliance.org/pdf/
industrylinfo/FIPSl201l022505.pdf.
The associated Office of Management
and Budget (OMB) guidance, M–05–24,
dated August 5, 2005, can be found at
https://www.whitehouse.gov/omb/
memoranda/fy2005/m05–24.pdf.
In accordance with requirements in
HSPD–12 and OMB Memorandum M–
05–24, agencies must—
(a) Issue and require the use of
identity credentials that are compliant
with the technical requirements of FIPS
PUB 201 and associated guidance issued
by the National Institute for Standards
and Technology in the areas of personal
authentication, access controls and card
management; and
(b) Agencies may acquire
authentication products and services
that are approved to be compliant with
the FIPS PUB 201 through Special Item
Number (SIN) 132–62, HSPD–12
Product and Service Components, made
available by GSA under Federal Supply
Schedule 70. GSA is developing an
informational Web site
(idmanagement.gov) that will provide a
one-stop shop for citizens, businesses,
and government entities interested in
identity management activities. The site
will provide information on HSPD–12
and eAuthentication acquisition
vehicles and processes.
This proposed rule revises Subpart
4.13 by adding two new sections on the
scope of the subpart, and the acquisition
of approved products and services; the
PO 00000
Frm 00022
Fmt 4702
Sfmt 4702
existing sections are revised and
renumbered. This is not a significant
regulatory action and, therefore, was not
subject to review under Section 6(b) of
Executive Order 12866, Regulatory
Planning and Review, dated September
30, 1993. This rule is not a major rule
under 5 U.S.C. 804.
B. Regulatory Flexibility Act
The changes may have a significant
economic impact on a substantial
number of small entities within the
meaning of the Regulatory Flexibility
Act, 5 U.S.C. 601, et seq. HSPD–12
requires agencies to procure PIV
products and services that comply with
the FIPS PUB 201 standard. NIST has
established the NIST Personal Identity
Verification Program (NPIVP) (https://
csrc.nist.gov/npivp) to validate Personal
Identity Verification (PIV) components
and sub-systems required by Federal
Information Processing Standards
Publication (FIPS PUB) 201 that meet
the NPIVP requirements. The validation
tests are performed by third party
laboratories that are accredited through
NIST’s National Voluntary Laboratory
Accreditation Program.
Vendors are required to obtain
validation testing and certification from
an accredited laboratory. The testing is
performed on a fee basis. The number
and extent of testing will depend on the
nature of the product or service being
tested. The test protocols are still under
development. The impact on small
entities will, therefore, be variable
depending on the nature of the product/
service being validated. These standards
and testing policies may affect small
business concerns in terms of their
ability to compete and win Federal
contracts. The extent of the effect and
impact on small business concerns is
unknown and will vary by product and
service due to the wide variances among
product and service functionality and
design. An Initial Regulatory Flexibility
Analysis (IRFA) has been prepared. The
analysis is summarized as follows:
1. Description of the reasons why the
action is being taken.
This proposed rule amends the Federal
Acquisition Regulation to implement the
provisions of Homeland Security Presidential
Directive 12 (HSPD–12) and Federal
Information Processing Standards
Publication Number 201 (FIPS PUB 201).
2. Succinct statement of the objectives of,
and legal basis for, the rule.
The rule implements the provisions of
HSPD–12 that require agencies to purchase
PIV products and services that are approved
to comply with the FIPS PUB 201 standard
and that are interoperable among agencies.
3. Description of and, where feasible,
estimate of the number of small entities to
which the rule will apply.
E:\FR\FM\23AUP1.SGM
23AUP1
Federal Register / Vol. 71, No. 163 / Wednesday, August 23, 2006 / Proposed Rules
49407
The FAR rule requires that agencies
acquire PIV products and services that
comply with the FIPS PUB 201 standard. The
impact on small entities will, therefore, vary
depending on the approval process for
vendor products and services.
4. Description of projected reporting,
recordkeeping, and other compliance
requirements of the rule, including an
estimate of the classes of small entities which
will be subject to the requirement and the
type of professional skills necessary for
preparation of the report or record.
The rule does not impose any new
reporting, recordkeeping, or compliance
requirements.
5. Identification, to the extent practicable,
of all relevant Federal rules which may
duplicate, overlap, or conflict with the rule.
The rule does not duplicate, overlap, or
conflict with any other Federal rules.
6. Description of any significant
alternatives to the rule which accomplish the
stated objectives of applicable statutes and
which minimize any significant economic
impact of the rule on small entities.
There are no practical alternatives that will
accomplish the objectives of HSPD–12.
Sec.
4.1300 Scope of subpart.
4.1301 Contractual implementation of
personal identity verification
requirement.
4.1302 Acquisition of approved products
and services for personal identity
verification.
4.1303 Contract clause.
(2) Ensuring interoperability and
conformance to applicable Federal
standards for the lifecycle of the
components; and
(3) Maintaining a written plan for
ensuring ongoing conformance to
applicable Federal standards for the
lifecycle of the components.
4.1300
4.1303
This subpart provides policy and
procedures associated with Personal
Identity Verification as required by—
(a) Federal Information Processing
Standards Publication (FIPS PUB)
Number 201, ‘‘Personal Identity
Verification of Federal Employees and
Contractors’’; and
(b) Office of Management and Budget
(OMB) guidance M–05–24, dated
August 5, 2005, ‘‘Implementation of
Homeland Security Presidential
Directive (HSPD) 12—Policy for a
Common Identification Standard for
Federal Employees and Contractors’’.
The Contracting Officer shall insert
the clause at 52.204–9, Personal Identity
Verification of Contractor Personnel, in
solicitations and contracts when
contract performance requires
contractors to have physical access to a
federally-controlled facility or access to
a federally-controlled information
system.
The FAR Secretariat has submitted a
copy of the IRFA to the Chief Counsel
for Advocacy of the Small Business
Administration. A copy of the IRFA may
be obtained from the FAR Secretariat.
The Councils will consider comments
from small entities concerning the
affected FAR Part 4 in accordance with
5 U.S.C. 610. Comments must be
submitted separately and should cite 5
U.S.C 601, et seq. (FAR case 2005–017),
in correspondence.
4.1301 Contractual implementation of
personal identity verification requirement.
National Highway Traffic Safety
Administration
C. Paperwork Reduction Act
The Paperwork Reduction Act does
not apply because the proposed changes
to the FAR do not impose information
collection requirements that require the
approval of the Office of Management
and Budget under 44 U.S.C. 3501, et
seq.
Government procurement.
Dated: August 17, 2006.
Ralph De Stefano,
Director, Contract Policy Division.
Therefore, DoD, GSA, and NASA
propose amending 48 CFR part 4 as set
forth below:
PART 4—ADMINISTRATIVE MATTERS
sroberts on PROD1PC70 with PROPOSALS
Authority: 40 U.S.C. 121(c); 10 U.S.C.
chapter 137; and 42 U.S.C. 2473(c).
2. Revise Subpart 4.13 to read as
follows:
Subpart 4.13—Personal Identity
Verification
VerDate Aug<31>2005
17:07 Aug 22, 2006
Jkt 208001
(a) Agencies must follow FIPS PUB
201 and the associated OMB
implementation guidance for personal
identity verification for all affected
contractor and subcontractor personnel
when contract performance requires
contractors to have physical access to a
federally-controlled facility or access to
a Federal information system.
(b) Agencies must include their
implementation of FIPS PUB 201 and
OMB guidance M–05–24, in
solicitations and contracts that require
the contractor to have physical access to
a federally-controlled facility or access
to a Federal information system.
(c) Agencies must designate an official
responsible for verifying contractor
employee personal identity.
4.1302 Acquisition of approved products
and services for personal identity
verification.
List of Subjects in 48 CFR Part 4
1. The authority citation for 48 CFR
part 4 continues to read as follows:
Scope of subpart.
(a) In order to comply with FIPS PUB
201, agencies must only purchase
approved personal identity verification
products and services. Agencies may
acquire the approved products and
services from the GSA, Federal Supply
Schedule 70, Special Item Number (SIN)
132–62, HSPD–12 Product and Service
Components.
(b) When acquiring personal identity
verification products and services not
using the process in paragraph (a) of this
section, agencies must ensure that the
applicable products and services are
approved as compliant with FIPS PUB
201 including—
(1) Certifying the products and
services procured meet all applicable
Federal standards and requirements;
PO 00000
Frm 00023
Fmt 4702
Sfmt 4702
Contract clause.
[FR Doc. 06–7088 Filed 8–22–06; 8:45 am]
BILLING CODE 6820–EP–S
DEPARTMENT OF TRANSPORTATION
49 CFR Part 531
[Docket No. NHTSA–2006–25593]
Exemptions From Average Fuel
Economy Standards; Passenger
Automobile Average Fuel Economy
Standards
National Highway Traffic
Safety Administration (NHTSA),
Department of Transportation (DOT).
ACTION: Proposed Decision to Grant
Exemption.
AGENCY:
SUMMARY: This proposed decision
responds to a petition filed by Spyker
Automobielen B.V. (Spyker) requesting
that it be exempted from the generally
applicable average fuel economy
standard of 27.5 miles per gallon (mpg)
for model years 2006 and 2007, and
that, for Spyker, lower alternative
standards be established. In this
document, NHTSA proposes that the
requested exemption be granted to
Spyker and that alternative standards of
18.9 mpg be established for MY’s 2006
and 2007.
DATES: Comments on this proposed
decision must be received on or before
September 22, 2006.
ADDRESSES: You may submit comments
by any of the following methods:
• Web site: https://dms.dot.gov.
Follow the instructions for submitting
comments on the DOT electronic docket
site.
• Fax: 1–202–493–2251.
• Mail: Docket Management Facility;
U.S. Department of Transportation, 400
E:\FR\FM\23AUP1.SGM
23AUP1
]]>Agencies
[Federal Register Volume 71, Number 163 (Wednesday, August 23, 2006)]
[Proposed Rules]
[Pages 49405-49407]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-7088]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
GENERAL SERVICES ADMINISTRATION
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION
48 CFR Part 4
[FAR Case 2005-017; Docket 2006-0020; Sequence 6]
RIN 9000-AK53
Federal Acquisition Regulation; FAR Case 2005-017, Requirement to
Purchase Approved Authentication Products and Services
AGENCIES: Department of Defense (DoD), General Services Administration
(GSA),
[[Page 49406]]
and National Aeronautics and Space Administration (NASA).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Civilian Agency Acquisition Council and the Defense
Acquisition Regulations Council (Councils) are proposing to amend the
Federal Acquisition Regulation (FAR) to address the acquisition of
products and services for personal identity verification that comply
with requirements in Homeland Security Presidential Directive (HSPD)
12, ``Policy for a Common Identification Standard for Federal Employees
and Contractors,'' and Federal Information Processing Standards
Publication (FIPS PUB) 201, ``Personal Identity Verification of Federal
Employees and Contractors''.
DATES: Interested parties should submit written comments to the FAR
Secretariat on or before October 23, 2006 to be considered in the
formulation of a final rule.
ADDRESSES: Submit comments identified by FAR case 2005-017 by any of
the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Search for this document at the ``Federal Acquisition Regulation''
agency and review the ``Document Title'' column; click on the Document
ID number. Click on ``comments''.
You may also search for any document using the ``Advanced search/
document search'' tab, selecting from the agency field ``Federal
Acquisition Regulation'', and typing the FAR case number in the keyword
field.
Fax: 202-501-4067.
Mail: General Services Administration, Regulatory
Secretariat (VIR), 1800 F Street, NW, Room 4035, ATTN: Laurieann
Duarte, Washington, DC 20405.
Instructions: Please submit comments only and cite FAR case 2005-
017 in all correspondence related to this case. All comments received
will be posted without change to https://www.regulations.gov, including
any personal and/or business confidential information provided.
FOR FURTHER INFORMATION CONTACT: For clarification of content, contact
Mr. Michael Jackson, Procurement Analyst, at (202) 208-4949. For
information pertaining to status or publication schedules, contact the
FAR Secretariat at (202) 501-4755. Please cite FAR case 2005-017.
SUPPLEMENTARY INFORMATION:
A. Background
Increasingly, contractors are required to have physical access to
federally controlled facilities and information systems in the
performance of Government contracts. On August 27, 2004, in response to
the general threat of unauthorized access to physical facilities and
information systems, the President issued Homeland Security
Presidential Directive (HSPD) 12. The primary objectives of HSPD-12 are
to establish a process to enhance security, increase Government
efficiency, reduce identity fraud, and protect personal privacy by
establishing a mandatory, Governmentwide standard for secure and
reliable forms of identification issued by the Federal Government to
its employees and contractors. In accordance with HSPD-12, the
Secretary of Commerce issued on February 25, 2005, Federal Information
Processing Standards Publication (FIPS PUB) 201, Personal Identity
Verification of Federal Employees and Contractors, to establish a
Governmentwide standard for secure and reliable forms of identification
for Federal and contractor employees. FIPS PUB 201 is available at
https://www.smartcardalliance.org/pdf/industry_info/FIPS_201_
022505.pdf. The associated Office of Management and Budget (OMB)
guidance, M-05-24, dated August 5, 2005, can be found at https://
www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf.
In accordance with requirements in HSPD-12 and OMB Memorandum M-05-
24, agencies must--
(a) Issue and require the use of identity credentials that are
compliant with the technical requirements of FIPS PUB 201 and
associated guidance issued by the National Institute for Standards and
Technology in the areas of personal authentication, access controls and
card management; and
(b) Agencies may acquire authentication products and services that
are approved to be compliant with the FIPS PUB 201 through Special Item
Number (SIN) 132-62, HSPD-12 Product and Service Components, made
available by GSA under Federal Supply Schedule 70. GSA is developing an
informational Web site (idmanagement.gov) that will provide a one-stop
shop for citizens, businesses, and government entities interested in
identity management activities. The site will provide information on
HSPD-12 and eAuthentication acquisition vehicles and processes.
This proposed rule revises Subpart 4.13 by adding two new sections
on the scope of the subpart, and the acquisition of approved products
and services; the existing sections are revised and renumbered. This is
not a significant regulatory action and, therefore, was not subject to
review under Section 6(b) of Executive Order 12866, Regulatory Planning
and Review, dated September 30, 1993. This rule is not a major rule
under 5 U.S.C. 804.
B. Regulatory Flexibility Act
The changes may have a significant economic impact on a substantial
number of small entities within the meaning of the Regulatory
Flexibility Act, 5 U.S.C. 601, et seq. HSPD-12 requires agencies to
procure PIV products and services that comply with the FIPS PUB 201
standard. NIST has established the NIST Personal Identity Verification
Program (NPIVP) (https://csrc.nist.gov/npivp) to validate Personal
Identity Verification (PIV) components and sub-systems required by
Federal Information Processing Standards Publication (FIPS PUB) 201
that meet the NPIVP requirements. The validation tests are performed by
third party laboratories that are accredited through NIST's National
Voluntary Laboratory Accreditation Program.
Vendors are required to obtain validation testing and certification
from an accredited laboratory. The testing is performed on a fee basis.
The number and extent of testing will depend on the nature of the
product or service being tested. The test protocols are still under
development. The impact on small entities will, therefore, be variable
depending on the nature of the product/service being validated. These
standards and testing policies may affect small business concerns in
terms of their ability to compete and win Federal contracts. The extent
of the effect and impact on small business concerns is unknown and will
vary by product and service due to the wide variances among product and
service functionality and design. An Initial Regulatory Flexibility
Analysis (IRFA) has been prepared. The analysis is summarized as
follows:
1. Description of the reasons why the action is being taken.
This proposed rule amends the Federal Acquisition Regulation to
implement the provisions of Homeland Security Presidential Directive
12 (HSPD-12) and Federal Information Processing Standards
Publication Number 201 (FIPS PUB 201).
2. Succinct statement of the objectives of, and legal basis for,
the rule.
The rule implements the provisions of HSPD-12 that require
agencies to purchase PIV products and services that are approved to
comply with the FIPS PUB 201 standard and that are interoperable
among agencies.
3. Description of and, where feasible, estimate of the number of
small entities to which the rule will apply.
[[Page 49407]]
The FAR rule requires that agencies acquire PIV products and
services that comply with the FIPS PUB 201 standard. The impact on
small entities will, therefore, vary depending on the approval
process for vendor products and services.
4. Description of projected reporting, recordkeeping, and other
compliance requirements of the rule, including an estimate of the
classes of small entities which will be subject to the requirement
and the type of professional skills necessary for preparation of the
report or record.
The rule does not impose any new reporting, recordkeeping, or
compliance requirements.
5. Identification, to the extent practicable, of all relevant
Federal rules which may duplicate, overlap, or conflict with the
rule.
The rule does not duplicate, overlap, or conflict with any other
Federal rules.
6. Description of any significant alternatives to the rule which
accomplish the stated objectives of applicable statutes and which
minimize any significant economic impact of the rule on small
entities.
There are no practical alternatives that will accomplish the
objectives of HSPD-12.
The FAR Secretariat has submitted a copy of the IRFA to the Chief
Counsel for Advocacy of the Small Business Administration. A copy of
the IRFA may be obtained from the FAR Secretariat. The Councils will
consider comments from small entities concerning the affected FAR Part
4 in accordance with 5 U.S.C. 610. Comments must be submitted
separately and should cite 5 U.S.C 601, et seq. (FAR case 2005-017), in
correspondence.
C. Paperwork Reduction Act
The Paperwork Reduction Act does not apply because the proposed
changes to the FAR do not impose information collection requirements
that require the approval of the Office of Management and Budget under
44 U.S.C. 3501, et seq.
List of Subjects in 48 CFR Part 4
Government procurement.
Dated: August 17, 2006.
Ralph De Stefano,
Director, Contract Policy Division.
Therefore, DoD, GSA, and NASA propose amending 48 CFR part 4 as set
forth below:
PART 4--ADMINISTRATIVE MATTERS
1. The authority citation for 48 CFR part 4 continues to read as
follows:
Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42
U.S.C. 2473(c).
2. Revise Subpart 4.13 to read as follows:
Subpart 4.13--Personal Identity Verification
Sec.
4.1300 Scope of subpart.
4.1301 Contractual implementation of personal identity verification
requirement.
4.1302 Acquisition of approved products and services for personal
identity verification.
4.1303 Contract clause.
4.1300 Scope of subpart.
This subpart provides policy and procedures associated with
Personal Identity Verification as required by--
(a) Federal Information Processing Standards Publication (FIPS PUB)
Number 201, ``Personal Identity Verification of Federal Employees and
Contractors''; and
(b) Office of Management and Budget (OMB) guidance M-05-24, dated
August 5, 2005, ``Implementation of Homeland Security Presidential
Directive (HSPD) 12--Policy for a Common Identification Standard for
Federal Employees and Contractors''.
4.1301 Contractual implementation of personal identity verification
requirement.
(a) Agencies must follow FIPS PUB 201 and the associated OMB
implementation guidance for personal identity verification for all
affected contractor and subcontractor personnel when contract
performance requires contractors to have physical access to a
federally-controlled facility or access to a Federal information
system.
(b) Agencies must include their implementation of FIPS PUB 201 and
OMB guidance M-05-24, in solicitations and contracts that require the
contractor to have physical access to a federally-controlled facility
or access to a Federal information system.
(c) Agencies must designate an official responsible for verifying
contractor employee personal identity.
4.1302 Acquisition of approved products and services for personal
identity verification.
(a) In order to comply with FIPS PUB 201, agencies must only
purchase approved personal identity verification products and services.
Agencies may acquire the approved products and services from the GSA,
Federal Supply Schedule 70, Special Item Number (SIN) 132-62, HSPD-12
Product and Service Components.
(b) When acquiring personal identity verification products and
services not using the process in paragraph (a) of this section,
agencies must ensure that the applicable products and services are
approved as compliant with FIPS PUB 201 including--
(1) Certifying the products and services procured meet all
applicable Federal standards and requirements;
(2) Ensuring interoperability and conformance to applicable Federal
standards for the lifecycle of the components; and
(3) Maintaining a written plan for ensuring ongoing conformance to
applicable Federal standards for the lifecycle of the components.
4.1303 Contract clause.
The Contracting Officer shall insert the clause at 52.204-9,
Personal Identity Verification of Contractor Personnel, in
solicitations and contracts when contract performance requires
contractors to have physical access to a federally-controlled facility
or access to a federally-controlled information system.
[FR Doc. 06-7088 Filed 8-22-06; 8:45 am]
BILLING CODE 6820-EP-S
