Federal Acquisition Regulation; FAR Case 2005-015, Common Identification Standard for Contractors, 67771-67775 [06-9308]

Download as PDF Federal Register / Vol. 71, No. 225 / Wednesday, November 22, 2006 / Rules and Regulations $193,000 for supplies and services and $7,407,000 for construction. Item V—Technical Amendments Editorial changes are made at FAR 15.404–1, 22.1006, 22.1304, 28.202, 52.212–5, 52.222–43, 52.228–15, and 52.228–16, in order to update references. Dated: November 15, 2006. Ralph De Stefano, Director, Contract Policy Division. Federal Acquisition Circular Federal Acquisition Circular (FAC) 2005-14 is issued under the authority of the Secretary of Defense, the Administrator of General Services, and the Administrator for the National Aeronautics and Space Administration. Unless otherwise specified, all Federal Acquisition Regulation (FAR) and other directive material contained in FAC 2005-14 is effective November 22, 2006. Dated: November 12, 2006. Shay D. Assad, Director, Defense Procurement and Acquisition Policy. Dated: November 8, 2006. Roger D. Waldron, Acting Senior Procurement Executive, General Services Administration. Dated: November 6, 2006. Tom Luedtke, Assistant Administrator for Procurement, National Aeronautics and Space Administration. [FR Doc. 06–9309 Filed 11–21–06; 8:45 am] BILLING CODE 6820–EP–S DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Parts 2, 4, 7, and 52 [FAC 2005–14; FAR Case 2005–015; Item I; Docket 2006–0020, Sequence 19] RIN 9000–AJ91 Federal Acquisition Regulation; FAR Case 2005–015, Common Identification Standard for Contractors Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Final rule. pwalker on PROD1PC61 with RULES2 AGENCIES: SUMMARY: The Civilian Agency Acquisition Council and the Defense VerDate Aug<31>2005 20:18 Nov 21, 2006 Jkt 211001 Acquisition Regulations Council (Councils) have agreed to convert the interim rule published in the Federal Register at 71 FR 208 on January 3, 2006, to a final rule with changes. This final rule is amending the Federal Acquisition Regulation (FAR) to add the contractor personal identification requirements identified in the Homeland Security Presidential Directive (HSPD) 12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors,’’ and Federal Information Processing Standards (FIPS) Number 201, ‘‘Personal Identity Verification (PIV) of Federal Employees and Contractors,’’ as amended. DATES: Effective Date: November 22, 2006. Applicability Date: This rule applies to solicitations and contracts issued or awarded on or after November 22, 2006. Contracts awarded before October 27, 2005 requiring contractors to have routine physical access to a Federallycontrolled facility and/or routine access to a Federally-controlled information system must be modified to ensure that credentials are issued by October 27, 2007, pursuant to FAR Subpart 4.13 in accordance with agency implementation of FIPS PUB 201 and OMB guidance M– 05–24, as amended. FOR FURTHER INFORMATION CONTACT: For clarification of content, contact Mr. Michael Jackson, Procurement Analyst, at (202) 208–4949. Please cite FAC 2005–14, FAR case 2005–015. For information pertaining to status or publication schedules, contact the FAR Secretariat at (202) 501–4755. SUPPLEMENTARY INFORMATION: A. Background This final rule amends the Federal Acquisition Regulation to require contracting officers to incorporate the requirement for contractors to comply with agency verification procedures that implement Homeland Security Presidential Directive–12 (HSPD–12), Office of Management and Budget (OMB) guidance M–05–24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201 when applicable to the work to be performed under the contract. DoD, GSA, and NASA published an interim rule in the Federal Register at 71 FR 208 on January 3, 2006. The 60day comment period for the interim rule ended March 6, 2006. Five respondents provided comments. Most comments pointed out areas of concern and language that required clarification. The substantive comments are discussed below. PO 00000 Frm 00003 Fmt 4701 Sfmt 4700 67771 Public Comments Comment: One respondent requested the Government clarify/elaborate on the requirements to have subcontractors properly cleared. Response: Implementation of Homeland Security Presidential Directive (HSPD) 12 required by OMB memorandum M–05–24, Policy for a Common Identification Standard for Federal Employees and Contractors, follows the Federal Information Processing Standard Publication (FIPS PUB) 201 when individuals under contract with a Federal department or agency, requiring routine access to Federally-controlled facilities and/or Federally-controlled information systems, require identity credentials consistent with existing agency security policies. The need to have contactors meet the requirements of FIPS PUB 201, including background investigations, applies equally to contractors and subcontractors to the extent that subcontractors require routine access to Federally-controlled facilities and/or Federally-controlled information systems. As such, the Councils have revised the final rule to add the term ‘‘routine’’ to clarify that personal identity verification does not apply to all contractors and/or subcontractors. Comment: One respondent stated there is an overlap with Department of Defense Instruction (DoDI) 3020.41 (October 3, 2005) paragraph 6.2.7.3 which states ‘‘contingency contractor personnel shall be issued a standard Geneva Convention Card...U.S. citizens and selected other CDF will be issued a DoD Uniformed Services Identification and Privilege Card...’’, and points out that FAC 2005–07 requires agencies to adopt and accredit a registration process consistent with the identity proofing, registrations and accreditation requirements in section 2.2 of FIPS [PUB] 201. The respondent asks will the requirement in DoDI 3020.41 satisfy the requirements of FAC 2005–07 for providing a personal identity card for contingency contractors? The respondent also asks does FAC 2005–07 duplicate or supplement the requirement in DoDI 3020.41 or does it depend on the contingency status of the contractor? Response: Those contingency contractor personnel who receive a common access card (CAC), including those who receive a CAC based on the eligibility for a Geneva Conventions card, must comply with the identity proofing and vetting requirements of FIPS PUB 201, as the CAC represents DoD’s implementation of the Personal Identity Verification (PIV) for Federal E:\FR\FM\22NOR2.SGM 22NOR2 pwalker on PROD1PC61 with RULES2 67772 Federal Register / Vol. 71, No. 225 / Wednesday, November 22, 2006 / Rules and Regulations Employees and Contractors standard. Policy change is currently in staffing to modify and update existing documents to comply with the heightened requirements. The current DoDI 3020.41 does not satisfy FIPS PUB 201 requirements; pending publication of the policy changes, FIPS PUB 201 must be considered additive to the requirements of DoDI 3020.1. Comment: One respondent highlights that the FIPS PUB 201 will be implemented in two phases, that the documents referenced in the interim rule are lengthy and a small business may not have the capability to download them, and that SBA may need to assist small businesses and/or provide training to make them competent in this arena. The respondent also stated that added administrative time is required for businesses and Federal agencies to incorporate the required contract modifications. The respondent also recommends that the standards required by parts 1 and 2 of the OMB memorandum (M–05–24) be outlined in the FAR clause at 52.204–9, and that the clause be added to solicitations and contracts in full text versus incorporation by reference. Response: The rule permits modifications to be executed according to agency procedures for FIPS PUB 201 implementation. The Councils consider the October 2007 date to be in full compliance with FIPS PUB 201 and allow adequate time for agencies to establish a completion date to modify contracts thereby lessening any administrative burden. Agencies will establish their own procedures for complying with FIPS PUB 201, therefore the Councils do not want to give the appearance that the outline encompasses all facets of identity verification by including an outline in the clause. Because agency policy will implement FIPS PUB 201, agency resources should be available to assist small businesses with questions or concerns regarding their procedures. Adding the clause in solicitations and contracts by reference is the proper prescription, and the full text of clause 52.204–9 is available using the Internet. Nonetheless, a small business can receive clarification or a copy of the clause by contacting the contracting officer. Comment: One respondent commented that the interim rule is a significant regulatory action and suggested that the budgetary and administrative impact is so significant it should be a ‘‘major rule’’ that is subject to congressional review pursuant to 5 U.S.C. 801 et seq. and to the regulatory VerDate Aug<31>2005 20:18 Nov 21, 2006 Jkt 211001 planning and review process under Executive Order 12866. Response: The budgetary and administrative resources to implement HSPD–12 are provided by the Government. The Councils have appropriately complied with the determination made by OMB’s Office of Information and Regulatory Affairs that this rule is not significant, nor economically significant, nor a major rule. Comment: One respondent commented that the HSPD–12 requires agencies to ‘‘complete and receive notification of results of the FBI National Criminal History check prior to credential issuance.’’ Both requirements will significantly increase the demands placed on Government investigative services far beyond their current budgetary and manpower capabilities. The respondent provided an overview of the backlog OPM is currently experiencing. The respondent indicates that hundreds of thousands more investigations will be required by HSPD–12 for government personnel, contractors, and subcontractors, and questions how the Government will handle the influx of contractor personnel. The respondent also stated the rule will cause an artificial increase in the number of investigations to ensure that personnel that may become critical to the contract performance are not excluded only because they do not have a government-issued I.D. Response: Attachment A to the OMB Memo M–05–24 dated August 5, 2005, states that agencies should receive notification of results of the National Agency Checks before issuing a credential. However, the memo provides that the identity credential can be issued based on the FBI National Criminal History Check (fingerprint check) if the results are not received in 5 days. Because of this provision, the Councils have concluded that flexibilities exist to allow credentialing which may mitigate the impact of an increase in demand placed on investigative services. OPM is responsible for the investigative services and has procedures in place to handle the associated workload. Comment: One respondent expressed that a concern for industry is the potential impact of this rule on the performance of contracts by contractors and subcontractors, because the rule is silent on the consequences of Government investigative services not being completed in a timely fashion. The respondent questions if an agency is allowed beyond October 27, 2005 to continue to provide access to ‘‘federallycontrolled facilities’’ and/or ‘‘federal PO 00000 Frm 00004 Fmt 4701 Sfmt 4700 information systems’’ for contractors and subcontractors who are not yet adjudicated. Additional concern was expressed that a contractor or subcontractor would be barred from performing on a contract because the Government is unable to provide a final identity verification and successful criminal background check. Response: In reference to the OMB Memo M–05–24, agencies are instructed to initiate National Agency Checks by October 27, 2005. Full completion will occur over a specified time period. The guidance includes instruction for distinguishing adjudicated individuals from those that have not yet been adjudicated; it does not prohibit access. Each agency will follow its own implementation policy for access authorization when a final identity verification and successful criminal background check are pending. Therefore, the Councils do not anticipate that contractors or subcontractors will be barred from performing their contractual obligations. Comment: Two respondents question the course of action for contractors and subcontractors, including small and disadvantaged businesses, needing to obtain identity verification for their employees. It appears that the agency will be responsible for ensuring all contractor and subcontractor employees are able to complete the process, but such a sequence would indicate that verification occurs after award and employers who do not currently have adjudicated personnel would be required to delay performance on the contract until such time as a sufficient number of personnel can be adjudicated. Response: As stated in the response above, implementation of HSPD–12 does not prohibit access to a Federallycontrolled facility and/or Federallycontrolled information system pending a final identity verification and successful criminal background check. Contractors must comply with agency procedures for access authorization when a final adjudication has not been issued. There is no intent to delay contract performance until a sufficient number of personnel can be adjudicated. Comment: One respondent stated the prospect of investigative delays would drive businesses that can offer the Government successful commercial solutions from the marketplace because the delays would impact performance, and suggests a solution is to start verifying identity before contract award. However, this option would exacerbate the problem of workload delays that E:\FR\FM\22NOR2.SGM 22NOR2 pwalker on PROD1PC61 with RULES2 Federal Register / Vol. 71, No. 225 / Wednesday, November 22, 2006 / Rules and Regulations already plague the Government investigative services. Response: The Councils have been informed by OPM that the full extent to which HSPD–12 will create investigative delays is unknown. It is anticipated that cases received by OPM because of HSPD–12 implementation, that would not otherwise have been received, will be almost exclusively for uncleared contractors. While the true size of this population is unknown, what is known is that a large number of agencies have been investigating uncleared contractors on a regular basis and the workload increase will be significantly smaller than if no activity had ever occurred. National Agency Check with Inquiries (NACI), the minimum investigation required for HSPD–12 compliance and personal identity verification (PIV) issuance, are not labor intensive. Once the case is data-entered, it is processed by automated systems. NACIs do not, other than in rare cases, require the use of field investigators. Further, PIV credentials can be issued upon favorable completion of the fingerprint portion of the NACI, which in most cases will be accomplished in a matter of days. The option of allowing contractors to begin the investigative process before contract award would create a far greater burden on the process. OPM is the authority on handling workload for investigative services, and has procedures to support implementation of HSPD–12. Comment: One respondent stated it supports the need for secure and reliable forms of identification, but it is not clear that the Government has sufficiently anticipated the full scale of the impact on investigative services, historical delays, nor the potential impact on contractors and subcontractor and Government contracting as a whole on the Government’s ability to verify the personnel for every contractor and subcontractor requiring access to ‘‘federal information systems’’ and/or ‘‘federally-controlled facilities.’’ Response: As stated in the above response, the Councils have been informed by OPM that the full extent to which HSPD–12 will create investigative delays is unknown, however, it is anticipated that cases received by OPM because of HSPD–12 implementation, that would not otherwise have been received, will almost exclusively be for uncleared contractors. OPM is responsible for handling investigative requests regarding HSPD–12 and has existing procedures to manage this type of workload. Comment: One respondent stated the Councils must require as part of the rule VerDate Aug<31>2005 20:18 Nov 21, 2006 Jkt 211001 that agencies submit information to the Government investigative services. Citing the November 9, 2005 testimony of Linda Springer, Director of the Office of Personnel Management, to the Senate Subcommittee on Oversight of Government Management, the Federal Workforce and the District of Columbia, this information will at least provide the bases for adequate, reasonable and accurate annual estimates of the personnel and costs demands they will place upon the process. Response: In her November 9, 2005 testimony, Ms. Springer indicated that ‘‘OPM will assist agencies in improving their workload forecasting by collecting quarterly data comparing agencies’ annual workload projections with actual requests,’’ and that OPM will continue to work toward reducing the time it takes to complete the process for investigative cases. The Councils support OPM’s role in managing resources to perform investigations and OPM’s procedures for gathering information for investigative services, and do not believe it is necessary to add further implementation requirements to this rule. Comment: One respondent states the FAR interim rule sets a mechanism for requiring contractors to comply with HSPD–12 that differs from the OMB guidance. Because DOE has implemented the appropriate mechanism to assure contractors comply with HSPD–12, implementation of the FAR rule will cause hardship to the Department. The FAR policy requires agencies to follow HSPD–12 and its associated guidance. The policy states ‘‘agencies must follow FIPS 201 and OMB guidance for personal identity verification for all affected contractor and subcontractor personnel...’’ This policy language indicates that the FAR interim rule is intended to further the requirements of FIPS 201 and OMB guidance. This language clearly implies that for contractors which are not affected by HSPD–12, contracting officers do not have to include this clause. Response: The Councils did not intend to overstate requirements to implement FIPS PUB 201 and the OMB guidance and agree that contracting officers do not have to include the clause if contract performance does not require compliance with HSPD–12. The final rule clarifies that HSPD–12 applies when contractors and subcontractors require routine physical access to a Federally-controlled facility and/or routine access to a Federally-controlled information system. Comment: One respondent recommends that the FAR Interim Rule PO 00000 Frm 00005 Fmt 4701 Sfmt 4700 67773 be modified for consistency with established HSPD–12 guidance, because the FAR requirement is not consistent with the recently amended FIPS PUB 201 and the OMB memorandum M–05– 24. In particular, promulgation of the final rule as written could result in substantial confusion among the Federal agency employees and contractors who are assigned to implement HSPD–12 at large Federal agencies. The respondent listed items in the FAR interim rule which are different from the OMB memo including the definition of Federally-controlled facilities; the use of ‘‘Federal Information System’’ instead of ‘‘Federally Controlled Information System’’; the omission of ‘‘facilities under a management and operation contract’’; the exception for ‘‘education institution’’; and the expansion of the definition of ‘‘Federally owned buildings and leased space’’ to include property interests controlled by any department or agency. Response: The Councils have reviewed updated FIPS PUB 201 guidance and have revised the definitions in the final rule for Federally-controlled facilities and Federally-controlled information systems to be consistent with the OMB Memo M–05–24, dated August 5, 2005. This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. B. Regulatory Flexibility Act The changes may have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because all entities that hold contracts or wish to hold contracts that require their personnel to have access to Federallycontrolled facilities or information systems will be required to employ on Government contracts only employees who meet the standards for being credentialed and expend resources necessary to help employees fill out the forms for credentialing. The Councils prepared a Final Regulatory Flexibility Analysis (FRFA), and it is summarized as follows: 1. Statement of need for, and objectives of, the rule. This rule amends the Federal Acquisition Regulation to implement the Homeland Security Presidential Directive (HSPD) 12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors,’’ dated August 27, 2004. HSPD 12 requires the development and agency implementation of a mandatory E:\FR\FM\22NOR2.SGM 22NOR2 pwalker on PROD1PC61 with RULES2 67774 Federal Register / Vol. 71, No. 225 / Wednesday, November 22, 2006 / Rules and Regulations Governmentwide standard for secure and reliable forms of identification for Federal employees and contractors, including contractor employees. 2. Summary of significant issues raised by the public comments in response to the Initial Regulatory Flexibility Analysis (IRFA), a summary of the assessment of the agency of such issues, and a statement of any changes made in the interim rule as a result of such comments. An interim rule was published in the Federal Register at 71 FR 208 on January 3, 2006. The Councils considered all of the comments in finalizing the rule. An Initial Regulatory Flexibility Analysis was performed. One respondent highlights that the FIPS PUB 201 will be implemented in two phases, that the documents referenced in the interim rule are lengthy and a small business may not have the capability to download them, and that SBA may need to assist small businesses and/or provide training to make them competent in this arena. The respondent also stated that added administrative time is required for businesses and Federal agencies to incorporate the required contract modifications. The councils consider the October 2007 date to be in full compliance with FIPS PUB 201 and allow adequate time for agencies to establish a completion date to modify contracts thereby lessening any administrative burden. Because agency policy will implement FIPS PUB 201, agency resources should be available to assist small businesses with questions or concerns regarding their procedures. 3. Description of, and an estimate of the number of, small entities to which the rule will apply or an explanation of why no such estimate is available. This rule will apply to all large and small businesses that seek awards when contract performance requires contractors and/or subcontractors to have routine physical access to a Federally-controlled facility and/ or routine access to a Federally-controlled information system. A precise estimate of the number of small entities that fall within the rule is not currently feasible because it would include both contractors who perform in Government-owned space as well as those who perform in Government-leased space (including employees of the lessor and its contractors). The Councils did not receive any comments on this issue from small business concerns or other interested parties in response to the Initial Regulatory Flexibility Analysis. 4. Description of the projected reporting, recordkeeping, and other compliance requirements of the rule, including an estimate of the classes of small entities which will be subject to the requirement and the type of professional skills necessary for preparation of the report or record. The rule does not directly require reporting, recordkeeping or other compliance requirements within the meaning of the Paperwork Reduction Act (PRA). The rule does require that any entity, including small businesses that will be performing a contract that requires its employees to have access to Federal facilities or information systems, submit information on their employees. Such VerDate Aug<31>2005 20:18 Nov 21, 2006 Jkt 211001 information will include a personnel history for each employee having access to a Federal facility or information system for a period exceeding 6 months. Although the forms involved are similar to a standard application for employment that is used by many companies, it is envisioned that some employers, especially those using non-skilled or semi-skilled laborers, will need to help their employees complete the form. It is estimated that each applicant will spend approximately 30 minutes completing the form. Five respondents provided public comments in response to the interim rule. The public expressed concern that downloading large documents may be problematic for small business concerns, there will be a significant increase workload for OPM resources who provide investigative services that may cause a delay and prohibit a contractor’s ability to start performance while awaiting adjudication, and the interim rule overstated the credentialing requirements by referencing all contractors and subcontractors. The responses to public comments in the final rule preamble address these comments. Agencies must adopt the technical standards for an approved identity proofing and registration process established by Federal Information Processing Standard Publication (FIPS PUB) 201, and establish their own implementation policy. The real implementation of this directive will occur at the agency level. Agencies should be prepared to assist contractors with questions or concerns about the agency policy. 5. Description of steps the agency has taken to minimize significant economic impact on small entities consistent with the stated objectives of applicable statutes, including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each of the other significant alternatives to the rule considered by the agency was rejected. There are no known significant alternatives that will accomplish the objectives of the rule. No alternatives were proposed during the public comment period. The FAR Secretariat has submitted a copy of the FRFA to the Chief Counsel for Advocacy of the Small Business Administration. Interested parties may obtain a copy from the FAR Secretariat. The Councils will consider comments from small entities concerning the affected FAR Parts 2, 4, 7, and 52 in accordance with 5 U.S.C. 610. Interested parties must submit such comments separately and should cite 5 U.S.C. 601, et seq. (FAC 2005–14, FAR Case 2005– 015), in correspondence. C. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the changes to the FAR do not impose information collection requirements that require the approval of the Office of Management and Budget under 44 U.S.C. 3501, et seq. PO 00000 Frm 00006 Fmt 4701 Sfmt 4700 List of Subjects in 48 CFR Parts 2, 4, 7, and 52 Government procurement. Dated: November 15, 2006. Ralph De Stefano, Director, Contract Policy Division. Interim Rule Adopted as Final with Changes Accordingly, DoD, GSA, and NASA adopt the interim rule amending 48 CFR parts 2, 4, 7, and 52, which was published in the Federal Register at 71 FR 208, January 3, 2006, as a final rule with the following changes: I 1. The authority citation for 48 CFR parts 2, 4, 7, and 52 continues to read as follows: I Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 U.S.C. 2473(c). PART 2—DEFINITIONS OF WORDS AND TERMS 2. Amend section 2.101 in paragraph (b)(2) by removing the definition ‘‘Federal information system’’; revising the definition ‘‘Federally-controlled facilities’’; and adding the definition ‘‘Federally-controlled information system’’ to read as follows: I 2.101 Definitions. * * * * * (b) * * * (2) * * * Federally-controlled facilities means— (1) Federally-owned buildings or leased space, whether for single or multi-tenant occupancy, and its grounds and approaches, all or any portion of which is under the jurisdiction, custody or control of a department or agency; (2) Federally-controlled commercial space shared with non-government tenants. For example, if a department or agency leased the 10th floor of a commercial building, the Directive applies to the 10th floor only; (3) Government-owned, contractoroperated facilities, including laboratories engaged in national defense research and production activities; and (4) Facilities under a management and operating contract, such as for the operation, maintenance, or support of a Government-owned or Governmentcontrolled research, development, special production, or testing establishment. Federally-controlled information system means an information system (44 U.S.C. 3502(8) used or operated by a Federal agency, or a contractor or other E:\FR\FM\22NOR2.SGM 22NOR2 Federal Register / Vol. 71, No. 225 / Wednesday, November 22, 2006 / Rules and Regulations organization on behalf of the agency (44 U.S.C. 3544(a)(1)(A)). * * * * * verification of contractors will be met (see Subpart 4.13). * * * * * PART 4—ADMINISTRATIVE MATTERS PART 52—SOLICITATION PROVISIONS AND CONTRACT CLAUSES 3. Revise section 4.1300 in paragraphs (a) and (b) and section 4.1301 to read as follows: I 4.1300 Policy. (a) Agencies must follow Federal Information Processing Standards Publication (FIPS PUB) Number 201, ‘‘Personal Identity Verification of Federal Employees and Contractors,’’ as amended, and the associated Office of Management and Budget (OMB) implementation guidance as amended, for personal identity verification for all affected contractor and subcontractor personnel when contract performance requires contractors to have routine physical access to a Federally-controlled facility and/or routine access to a Federally-controlled information system. (b) Agencies must include their implementation of FIPS PUB 201 as amended, and OMB guidance M–05–24, dated August 5, 2005, as amended, in solicitations and contracts that require the contractor to have routine physical access to a Federally-controlled facility and/or routine access to a Federallycontrolled information system. * * * * * 4.1301 Contract clause. The contracting officer shall insert the clause at 52.204–9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have routine physical access to a Federally-controlled facility and/or routine access to a Federallycontrolled information system. The clause shall not be used when contractors require only intermittent access to Federally-controlled facilities. PART 7—ACQUISITION PLANNING 4. Amend section 7.105 by revising the last sentence in paragraph (b)(17) to read as follows: I 7.105 Contents of written acquisition plans. pwalker on PROD1PC61 with RULES2 * * * * * (b) * * * (17) Security considerations. * * * For acquisitions requiring routine contractor physical access to a Federally-controlled facility and/or routine access to a Federally-controlled information system, discuss how agency requirements for personal identity VerDate Aug<31>2005 20:18 Nov 21, 2006 Jkt 211001 5. Amend section 52.204–9 by revising the date of the clause to read ‘‘(NOV 2006)’’; and revising paragraphs (a) and (b) to read as follows: I 52.204–9 Personal Identity Verification of Contractor Personnel. * * * * * (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive–12 (HSPD–12), Office of Management and Budget (OMB) guidance M–05–24, as amended, and Federal Information Processing Standards Publication (FIPS PUB) Number 201, as amended. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federallycontrolled facility and/or routine access to a Federally-controlled information system. (End of clause) [FR Doc. 06–9308 Filed 11–21–06; 8:45 am] BILLING CODE 6820–EP–S DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Parts 25 and 52 [FAC 2005–14; FAR Case 2005–045; Item II; Docket 2006–0020, Sequence 20] RIN 9000–AK43 Federal Acquisition Regulation; FAR Case 2005–045, Removal of Sanctions Against Certain EU Countries AGENCIES: Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Final rule. SUMMARY: The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) have agreed to adopt as final, without change, an interim rule that amended the Federal Acquisition Regulation (FAR) to remove the sanctions against certain European Union (EU) countries. PO 00000 Frm 00007 Fmt 4701 Sfmt 4700 DATES: 67775 Effective Date: November 22, 2006. For clarification of content, contact Mr. Jeremy Olson, at (202) 501–3221. Please cite FAC 2005–14, FAR case 2005–045. For information pertaining to status or publication schedules, contact the FAR Secretariat at (202) 501–4755. SUPPLEMENTARY INFORMATION: FOR FURTHER INFORMATION CONTACT: A. Background DoD, GSA, and NASA published an interim rule in the Federal Register at 71 FR 20305 on April 19, 2006. The interim rule deleted FAR Subpart 25.6, Trade Sanctions, and the clauses at FAR 52.225–15, Sanctioned European Union Country End Products, and FAR 52.225– 16, Sanctioned European Union Country Services, and other associated references in FAR Part 25. No comments were received by the close of the public comment period on June 19, 2006. Therefore, the Councils have agreed to convert the interim rule to a final rule without change. This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. B. Regulatory Flexibility Act The Department of Defense, the General Services Administration, and the National Aeronautics and Space Administration certify that this final rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because this rule only removes sanctions from— • End products from sanctioned EU countries with an estimated acquisition value less than $193,000; • Sanctioned EU country construction with an estimated acquisition value less than $7,407,000; or • Sanctioned EU country services with an estimated acquisition value less than $193,000 or that are excluded from coverage by the World Trade Organization Government Procurement Agreement. These sanctions did not apply to small business set-asides, to acquisitions below the simplified acquisition threshold using simplified acquisition procedures, or to acquisitions by the Department of Defense. C. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the changes to the E:\FR\FM\22NOR2.SGM 22NOR2

Agencies

[Federal Register Volume 71, Number 225 (Wednesday, November 22, 2006)]
[Rules and Regulations]
[Pages 67771-67775]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-9308]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

GENERAL SERVICES ADMINISTRATION

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Parts 2, 4, 7, and 52

[FAC 2005-14; FAR Case 2005-015; Item I; Docket 2006-0020, Sequence 19]
RIN 9000-AJ91


Federal Acquisition Regulation; FAR Case 2005-015, Common 
Identification Standard for Contractors

AGENCIES: Department of Defense (DoD), General Services Administration 
(GSA), and National Aeronautics and Space Administration (NASA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Civilian Agency Acquisition Council and the Defense 
Acquisition Regulations Council (Councils) have agreed to convert the 
interim rule published in the Federal Register at 71 FR 208 on January 
3, 2006, to a final rule with changes. This final rule is amending the 
Federal Acquisition Regulation (FAR) to add the contractor personal 
identification requirements identified in the Homeland Security 
Presidential Directive (HSPD) 12, ``Policy for a Common Identification 
Standard for Federal Employees and Contractors,'' and Federal 
Information Processing Standards (FIPS) Number 201, ``Personal Identity 
Verification (PIV) of Federal Employees and Contractors,'' as amended.

DATES: Effective Date: November 22, 2006.
    Applicability Date: This rule applies to solicitations and 
contracts issued or awarded on or after November 22, 2006. Contracts 
awarded before October 27, 2005 requiring contractors to have routine 
physical access to a Federally-controlled facility and/or routine 
access to a Federally-controlled information system must be modified to 
ensure that credentials are issued by October 27, 2007, pursuant to FAR 
Subpart 4.13 in accordance with agency implementation of FIPS PUB 201 
and OMB guidance M-05-24, as amended.

FOR FURTHER INFORMATION CONTACT: For clarification of content, contact 
Mr. Michael Jackson, Procurement Analyst, at (202) 208-4949. Please 
cite FAC 2005-14, FAR case 2005-015. For information pertaining to 
status or publication schedules, contact the FAR Secretariat at (202) 
501-4755.

SUPPLEMENTARY INFORMATION:

A. Background

    This final rule amends the Federal Acquisition Regulation to 
require contracting officers to incorporate the requirement for 
contractors to comply with agency verification procedures that 
implement Homeland Security Presidential Directive-12 (HSPD-12), Office 
of Management and Budget (OMB) guidance M-05-24, and Federal 
Information Processing Standards Publication (FIPS PUB) Number 201 when 
applicable to the work to be performed under the contract.
    DoD, GSA, and NASA published an interim rule in the Federal 
Register at 71 FR 208 on January 3, 2006. The 60-day comment period for 
the interim rule ended March 6, 2006. Five respondents provided 
comments. Most comments pointed out areas of concern and language that 
required clarification. The substantive comments are discussed below.

Public Comments

    Comment: One respondent requested the Government clarify/elaborate 
on the requirements to have subcontractors properly cleared.
    Response: Implementation of Homeland Security Presidential 
Directive (HSPD) 12 required by OMB memorandum M-05-24, Policy for a 
Common Identification Standard for Federal Employees and Contractors, 
follows the Federal Information Processing Standard Publication (FIPS 
PUB) 201 when individuals under contract with a Federal department or 
agency, requiring routine access to Federally-controlled facilities 
and/or Federally-controlled information systems, require identity 
credentials consistent with existing agency security policies. The need 
to have contactors meet the requirements of FIPS PUB 201, including 
background investigations, applies equally to contractors and 
subcontractors to the extent that subcontractors require routine access 
to Federally-controlled facilities and/or Federally-controlled 
information systems. As such, the Councils have revised the final rule 
to add the term ``routine'' to clarify that personal identity 
verification does not apply to all contractors and/or subcontractors.
    Comment: One respondent stated there is an overlap with Department 
of Defense Instruction (DoDI) 3020.41 (October 3, 2005) paragraph 
6.2.7.3 which states ``contingency contractor personnel shall be issued 
a standard Geneva Convention Card...U.S. citizens and selected other 
CDF will be issued a DoD Uniformed Services Identification and 
Privilege Card...'', and points out that FAC 2005-07 requires agencies 
to adopt and accredit a registration process consistent with the 
identity proofing, registrations and accreditation requirements in 
section 2.2 of FIPS [PUB] 201. The respondent asks will the requirement 
in DoDI 3020.41 satisfy the requirements of FAC 2005-07 for providing a 
personal identity card for contingency contractors? The respondent also 
asks does FAC 2005-07 duplicate or supplement the requirement in DoDI 
3020.41 or does it depend on the contingency status of the contractor?
    Response: Those contingency contractor personnel who receive a 
common access card (CAC), including those who receive a CAC based on 
the eligibility for a Geneva Conventions card, must comply with the 
identity proofing and vetting requirements of FIPS PUB 201, as the CAC 
represents DoD's implementation of the Personal Identity Verification 
(PIV) for Federal

[[Page 67772]]

Employees and Contractors standard. Policy change is currently in 
staffing to modify and update existing documents to comply with the 
heightened requirements. The current DoDI 3020.41 does not satisfy FIPS 
PUB 201 requirements; pending publication of the policy changes, FIPS 
PUB 201 must be considered additive to the requirements of DoDI 3020.1.
    Comment: One respondent highlights that the FIPS PUB 201 will be 
implemented in two phases, that the documents referenced in the interim 
rule are lengthy and a small business may not have the capability to 
download them, and that SBA may need to assist small businesses and/or 
provide training to make them competent in this arena. The respondent 
also stated that added administrative time is required for businesses 
and Federal agencies to incorporate the required contract 
modifications. The respondent also recommends that the standards 
required by parts 1 and 2 of the OMB memorandum (M-05-24) be outlined 
in the FAR clause at 52.204-9, and that the clause be added to 
solicitations and contracts in full text versus incorporation by 
reference.
    Response: The rule permits modifications to be executed according 
to agency procedures for FIPS PUB 201 implementation. The Councils 
consider the October 2007 date to be in full compliance with FIPS PUB 
201 and allow adequate time for agencies to establish a completion date 
to modify contracts thereby lessening any administrative burden. 
Agencies will establish their own procedures for complying with FIPS 
PUB 201, therefore the Councils do not want to give the appearance that 
the outline encompasses all facets of identity verification by 
including an outline in the clause. Because agency policy will 
implement FIPS PUB 201, agency resources should be available to assist 
small businesses with questions or concerns regarding their procedures. 
Adding the clause in solicitations and contracts by reference is the 
proper prescription, and the full text of clause 52.204-9 is available 
using the Internet. Nonetheless, a small business can receive 
clarification or a copy of the clause by contacting the contracting 
officer.
    Comment: One respondent commented that the interim rule is a 
significant regulatory action and suggested that the budgetary and 
administrative impact is so significant it should be a ``major rule'' 
that is subject to congressional review pursuant to 5 U.S.C. 801 et 
seq. and to the regulatory planning and review process under Executive 
Order 12866.
    Response: The budgetary and administrative resources to implement 
HSPD-12 are provided by the Government. The Councils have appropriately 
complied with the determination made by OMB's Office of Information and 
Regulatory Affairs that this rule is not significant, nor economically 
significant, nor a major rule.
    Comment: One respondent commented that the HSPD-12 requires 
agencies to ``complete and receive notification of results of the FBI 
National Criminal History check prior to credential issuance.'' Both 
requirements will significantly increase the demands placed on 
Government investigative services far beyond their current budgetary 
and manpower capabilities. The respondent provided an overview of the 
backlog OPM is currently experiencing. The respondent indicates that 
hundreds of thousands more investigations will be required by HSPD-12 
for government personnel, contractors, and subcontractors, and 
questions how the Government will handle the influx of contractor 
personnel. The respondent also stated the rule will cause an artificial 
increase in the number of investigations to ensure that personnel that 
may become critical to the contract performance are not excluded only 
because they do not have a government-issued I.D.
    Response: Attachment A to the OMB Memo M-05-24 dated August 5, 
2005, states that agencies should receive notification of results of 
the National Agency Checks before issuing a credential. However, the 
memo provides that the identity credential can be issued based on the 
FBI National Criminal History Check (fingerprint check) if the results 
are not received in 5 days. Because of this provision, the Councils 
have concluded that flexibilities exist to allow credentialing which 
may mitigate the impact of an increase in demand placed on 
investigative services. OPM is responsible for the investigative 
services and has procedures in place to handle the associated workload.
    Comment: One respondent expressed that a concern for industry is 
the potential impact of this rule on the performance of contracts by 
contractors and subcontractors, because the rule is silent on the 
consequences of Government investigative services not being completed 
in a timely fashion. The respondent questions if an agency is allowed 
beyond October 27, 2005 to continue to provide access to ``federally-
controlled facilities'' and/or ``federal information systems'' for 
contractors and subcontractors who are not yet adjudicated. Additional 
concern was expressed that a contractor or subcontractor would be 
barred from performing on a contract because the Government is unable 
to provide a final identity verification and successful criminal 
background check.
    Response: In reference to the OMB Memo M-05-24, agencies are 
instructed to initiate National Agency Checks by October 27, 2005. Full 
completion will occur over a specified time period. The guidance 
includes instruction for distinguishing adjudicated individuals from 
those that have not yet been adjudicated; it does not prohibit access. 
Each agency will follow its own implementation policy for access 
authorization when a final identity verification and successful 
criminal background check are pending. Therefore, the Councils do not 
anticipate that contractors or subcontractors will be barred from 
performing their contractual obligations.
    Comment: Two respondents question the course of action for 
contractors and subcontractors, including small and disadvantaged 
businesses, needing to obtain identity verification for their 
employees. It appears that the agency will be responsible for ensuring 
all contractor and subcontractor employees are able to complete the 
process, but such a sequence would indicate that verification occurs 
after award and employers who do not currently have adjudicated 
personnel would be required to delay performance on the contract until 
such time as a sufficient number of personnel can be adjudicated.
    Response: As stated in the response above, implementation of HSPD-
12 does not prohibit access to a Federally-controlled facility and/or 
Federally-controlled information system pending a final identity 
verification and successful criminal background check. Contractors must 
comply with agency procedures for access authorization when a final 
adjudication has not been issued. There is no intent to delay contract 
performance until a sufficient number of personnel can be adjudicated.
    Comment: One respondent stated the prospect of investigative delays 
would drive businesses that can offer the Government successful 
commercial solutions from the marketplace because the delays would 
impact performance, and suggests a solution is to start verifying 
identity before contract award. However, this option would exacerbate 
the problem of workload delays that

[[Page 67773]]

already plague the Government investigative services.
    Response: The Councils have been informed by OPM that the full 
extent to which HSPD-12 will create investigative delays is unknown. It 
is anticipated that cases received by OPM because of HSPD-12 
implementation, that would not otherwise have been received, will be 
almost exclusively for uncleared contractors. While the true size of 
this population is unknown, what is known is that a large number of 
agencies have been investigating uncleared contractors on a regular 
basis and the workload increase will be significantly smaller than if 
no activity had ever occurred. National Agency Check with Inquiries 
(NACI), the minimum investigation required for HSPD-12 compliance and 
personal identity verification (PIV) issuance, are not labor intensive. 
Once the case is data-entered, it is processed by automated systems. 
NACIs do not, other than in rare cases, require the use of field 
investigators. Further, PIV credentials can be issued upon favorable 
completion of the fingerprint portion of the NACI, which in most cases 
will be accomplished in a matter of days. The option of allowing 
contractors to begin the investigative process before contract award 
would create a far greater burden on the process. OPM is the authority 
on handling workload for investigative services, and has procedures to 
support implementation of HSPD-12.
    Comment: One respondent stated it supports the need for secure and 
reliable forms of identification, but it is not clear that the 
Government has sufficiently anticipated the full scale of the impact on 
investigative services, historical delays, nor the potential impact on 
contractors and subcontractor and Government contracting as a whole on 
the Government's ability to verify the personnel for every contractor 
and subcontractor requiring access to ``federal information systems'' 
and/or ``federally-controlled facilities.''
    Response: As stated in the above response, the Councils have been 
informed by OPM that the full extent to which HSPD-12 will create 
investigative delays is unknown, however, it is anticipated that cases 
received by OPM because of HSPD-12 implementation, that would not 
otherwise have been received, will almost exclusively be for uncleared 
contractors. OPM is responsible for handling investigative requests 
regarding HSPD-12 and has existing procedures to manage this type of 
workload.
    Comment: One respondent stated the Councils must require as part of 
the rule that agencies submit information to the Government 
investigative services. Citing the November 9, 2005 testimony of Linda 
Springer, Director of the Office of Personnel Management, to the Senate 
Subcommittee on Oversight of Government Management, the Federal 
Workforce and the District of Columbia, this information will at least 
provide the bases for adequate, reasonable and accurate annual 
estimates of the personnel and costs demands they will place upon the 
process.
    Response: In her November 9, 2005 testimony, Ms. Springer indicated 
that ``OPM will assist agencies in improving their workload forecasting 
by collecting quarterly data comparing agencies' annual workload 
projections with actual requests,'' and that OPM will continue to work 
toward reducing the time it takes to complete the process for 
investigative cases. The Councils support OPM's role in managing 
resources to perform investigations and OPM's procedures for gathering 
information for investigative services, and do not believe it is 
necessary to add further implementation requirements to this rule.
    Comment: One respondent states the FAR interim rule sets a 
mechanism for requiring contractors to comply with HSPD-12 that differs 
from the OMB guidance. Because DOE has implemented the appropriate 
mechanism to assure contractors comply with HSPD-12, implementation of 
the FAR rule will cause hardship to the Department. The FAR policy 
requires agencies to follow HSPD-12 and its associated guidance. The 
policy states ``agencies must follow FIPS 201 and OMB guidance for 
personal identity verification for all affected contractor and 
subcontractor personnel...'' This policy language indicates that the 
FAR interim rule is intended to further the requirements of FIPS 201 
and OMB guidance. This language clearly implies that for contractors 
which are not affected by HSPD-12, contracting officers do not have to 
include this clause.
    Response: The Councils did not intend to overstate requirements to 
implement FIPS PUB 201 and the OMB guidance and agree that contracting 
officers do not have to include the clause if contract performance does 
not require compliance with HSPD-12. The final rule clarifies that 
HSPD-12 applies when contractors and subcontractors require routine 
physical access to a Federally-controlled facility and/or routine 
access to a Federally-controlled information system.
    Comment: One respondent recommends that the FAR Interim Rule be 
modified for consistency with established HSPD-12 guidance, because the 
FAR requirement is not consistent with the recently amended FIPS PUB 
201 and the OMB memorandum M-05-24. In particular, promulgation of the 
final rule as written could result in substantial confusion among the 
Federal agency employees and contractors who are assigned to implement 
HSPD-12 at large Federal agencies. The respondent listed items in the 
FAR interim rule which are different from the OMB memo including the 
definition of Federally-controlled facilities; the use of ``Federal 
Information System'' instead of ``Federally Controlled Information 
System''; the omission of ``facilities under a management and operation 
contract''; the exception for ``education institution''; and the 
expansion of the definition of ``Federally owned buildings and leased 
space'' to include property interests controlled by any department or 
agency.
    Response: The Councils have reviewed updated FIPS PUB 201 guidance 
and have revised the definitions in the final rule for Federally-
controlled facilities and Federally-controlled information systems to 
be consistent with the OMB Memo M-05-24, dated August 5, 2005.
    This is not a significant regulatory action and, therefore, was not 
subject to review under Section 6(b) of Executive Order 12866, 
Regulatory Planning and Review, dated September 30, 1993. This rule is 
not a major rule under 5 U.S.C. 804.

B. Regulatory Flexibility Act

    The changes may have a significant economic impact on a substantial 
number of small entities within the meaning of the Regulatory 
Flexibility Act, 5 U.S.C. 601, et seq., because all entities that hold 
contracts or wish to hold contracts that require their personnel to 
have access to Federally-controlled facilities or information systems 
will be required to employ on Government contracts only employees who 
meet the standards for being credentialed and expend resources 
necessary to help employees fill out the forms for credentialing. The 
Councils prepared a Final Regulatory Flexibility Analysis (FRFA), and 
it is summarized as follows:
    1. Statement of need for, and objectives of, the rule.
    This rule amends the Federal Acquisition Regulation to implement 
the Homeland Security Presidential Directive (HSPD) 12, ``Policy for 
a Common Identification Standard for Federal Employees and 
Contractors,'' dated August 27, 2004. HSPD 12 requires the 
development and agency implementation of a mandatory

[[Page 67774]]

Governmentwide standard for secure and reliable forms of 
identification for Federal employees and contractors, including 
contractor employees.
    2. Summary of significant issues raised by the public comments 
in response to the Initial Regulatory Flexibility Analysis (IRFA), a 
summary of the assessment of the agency of such issues, and a 
statement of any changes made in the interim rule as a result of 
such comments.
    An interim rule was published in the Federal Register at 71 FR 
208 on January 3, 2006. The Councils considered all of the comments 
in finalizing the rule. An Initial Regulatory Flexibility Analysis 
was performed. One respondent highlights that the FIPS PUB 201 will 
be implemented in two phases, that the documents referenced in the 
interim rule are lengthy and a small business may not have the 
capability to download them, and that SBA may need to assist small 
businesses and/or provide training to make them competent in this 
arena. The respondent also stated that added administrative time is 
required for businesses and Federal agencies to incorporate the 
required contract modifications. The councils consider the October 
2007 date to be in full compliance with FIPS PUB 201 and allow 
adequate time for agencies to establish a completion date to modify 
contracts thereby lessening any administrative burden. Because 
agency policy will implement FIPS PUB 201, agency resources should 
be available to assist small businesses with questions or concerns 
regarding their procedures.
    3. Description of, and an estimate of the number of, small 
entities to which the rule will apply or an explanation of why no 
such estimate is available.
    This rule will apply to all large and small businesses that seek 
awards when contract performance requires contractors and/or 
subcontractors to have routine physical access to a Federally-
controlled facility and/or routine access to a Federally-controlled 
information system. A precise estimate of the number of small 
entities that fall within the rule is not currently feasible because 
it would include both contractors who perform in Government-owned 
space as well as those who perform in Government-leased space 
(including employees of the lessor and its contractors).
    The Councils did not receive any comments on this issue from 
small business concerns or other interested parties in response to 
the Initial Regulatory Flexibility Analysis.
    4. Description of the projected reporting, recordkeeping, and 
other compliance requirements of the rule, including an estimate of 
the classes of small entities which will be subject to the 
requirement and the type of professional skills necessary for 
preparation of the report or record.
    The rule does not directly require reporting, recordkeeping or 
other compliance requirements within the meaning of the Paperwork 
Reduction Act (PRA). The rule does require that any entity, 
including small businesses that will be performing a contract that 
requires its employees to have access to Federal facilities or 
information systems, submit information on their employees. Such 
information will include a personnel history for each employee 
having access to a Federal facility or information system for a 
period exceeding 6 months. Although the forms involved are similar 
to a standard application for employment that is used by many 
companies, it is envisioned that some employers, especially those 
using non-skilled or semi-skilled laborers, will need to help their 
employees complete the form. It is estimated that each applicant 
will spend approximately 30 minutes completing the form.
    Five respondents provided public comments in response to the 
interim rule. The public expressed concern that downloading large 
documents may be problematic for small business concerns, there will 
be a significant increase workload for OPM resources who provide 
investigative services that may cause a delay and prohibit a 
contractor's ability to start performance while awaiting 
adjudication, and the interim rule overstated the credentialing 
requirements by referencing all contractors and subcontractors. The 
responses to public comments in the final rule preamble address 
these comments.
    Agencies must adopt the technical standards for an approved 
identity proofing and registration process established by Federal 
Information Processing Standard Publication (FIPS PUB) 201, and 
establish their own implementation policy. The real implementation 
of this directive will occur at the agency level. Agencies should be 
prepared to assist contractors with questions or concerns about the 
agency policy.
    5. Description of steps the agency has taken to minimize 
significant economic impact on small entities consistent with the 
stated objectives of applicable statutes, including a statement of 
the factual, policy, and legal reasons for selecting the alternative 
adopted in the final rule and why each of the other significant 
alternatives to the rule considered by the agency was rejected.
    There are no known significant alternatives that will accomplish 
the objectives of the rule. No alternatives were proposed during the 
public comment period.
    The FAR Secretariat has submitted a copy of the FRFA to the Chief 
Counsel for Advocacy of the Small Business Administration. Interested 
parties may obtain a copy from the FAR Secretariat. The Councils will 
consider comments from small entities concerning the affected FAR Parts 
2, 4, 7, and 52 in accordance with 5 U.S.C. 610. Interested parties 
must submit such comments separately and should cite 5 U.S.C. 601, et 
seq. (FAC 2005-14, FAR Case 2005-015), in correspondence.

C. Paperwork Reduction Act

    The Paperwork Reduction Act does not apply because the changes to 
the FAR do not impose information collection requirements that require 
the approval of the Office of Management and Budget under 44 U.S.C. 
3501, et seq.

List of Subjects in 48 CFR Parts 2, 4, 7, and 52

    Government procurement.

    Dated: November 15, 2006.
Ralph De Stefano,
Director, Contract Policy Division.

Interim Rule Adopted as Final with Changes

0
Accordingly, DoD, GSA, and NASA adopt the interim rule amending 48 CFR 
parts 2, 4, 7, and 52, which was published in the Federal Register at 
71 FR 208, January 3, 2006, as a final rule with the following changes:
0
1. The authority citation for 48 CFR parts 2, 4, 7, and 52 continues to 
read as follows:

    Authority:  40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 
U.S.C. 2473(c).

PART 2--DEFINITIONS OF WORDS AND TERMS

0
2. Amend section 2.101 in paragraph (b)(2) by removing the definition 
``Federal information system''; revising the definition ``Federally-
controlled facilities''; and adding the definition ``Federally-
controlled information system'' to read as follows:


2.101  Definitions.

* * * * *
    (b) * * *
    (2) * * *
    Federally-controlled facilities means--
    (1) Federally-owned buildings or leased space, whether for single 
or multi-tenant occupancy, and its grounds and approaches, all or any 
portion of which is under the jurisdiction, custody or control of a 
department or agency;
    (2) Federally-controlled commercial space shared with non-
government tenants. For example, if a department or agency leased the 
10th floor of a commercial building, the Directive applies to the 10th 
floor only;
    (3) Government-owned, contractor-operated facilities, including 
laboratories engaged in national defense research and production 
activities; and
    (4) Facilities under a management and operating contract, such as 
for the operation, maintenance, or support of a Government-owned or 
Government-controlled research, development, special production, or 
testing establishment.
    Federally-controlled information system means an information system 
(44 U.S.C. 3502(8) used or operated by a Federal agency, or a 
contractor or other

[[Page 67775]]

organization on behalf of the agency (44 U.S.C. 3544(a)(1)(A)).
* * * * *

PART 4--ADMINISTRATIVE MATTERS

0
3. Revise section 4.1300 in paragraphs (a) and (b) and section 4.1301 
to read as follows:


4.1300  Policy.

    (a) Agencies must follow Federal Information Processing Standards 
Publication (FIPS PUB) Number 201, ``Personal Identity Verification of 
Federal Employees and Contractors,'' as amended, and the associated 
Office of Management and Budget (OMB) implementation guidance as 
amended, for personal identity verification for all affected contractor 
and subcontractor personnel when contract performance requires 
contractors to have routine physical access to a Federally-controlled 
facility and/or routine access to a Federally-controlled information 
system.
    (b) Agencies must include their implementation of FIPS PUB 201 as 
amended, and OMB guidance M-05-24, dated August 5, 2005, as amended, in 
solicitations and contracts that require the contractor to have routine 
physical access to a Federally-controlled facility and/or routine 
access to a Federally-controlled information system.
* * * * *


4.1301  Contract clause.

    The contracting officer shall insert the clause at 52.204-9, 
Personal Identity Verification of Contractor Personnel, in 
solicitations and contracts when contract performance requires 
contractors to have routine physical access to a Federally-controlled 
facility and/or routine access to a Federally-controlled information 
system. The clause shall not be used when contractors require only 
intermittent access to Federally-controlled facilities.

PART 7--ACQUISITION PLANNING

0
4. Amend section 7.105 by revising the last sentence in paragraph 
(b)(17) to read as follows:


7.105  Contents of written acquisition plans.

* * * * *
    (b) * * *
    (17) Security considerations. * * * For acquisitions requiring 
routine contractor physical access to a Federally-controlled facility 
and/or routine access to a Federally-controlled information system, 
discuss how agency requirements for personal identity verification of 
contractors will be met (see Subpart 4.13).
* * * * *

PART 52--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

0
5. Amend section 52.204-9 by revising the date of the clause to read 
``(NOV 2006)''; and revising paragraphs (a) and (b) to read as follows:


52.204-9  Personal Identity Verification of Contractor Personnel.

* * * * *
    (a) The Contractor shall comply with agency personal identity 
verification procedures identified in the contract that implement 
Homeland Security Presidential Directive-12 (HSPD-12), Office of 
Management and Budget (OMB) guidance M-05-24, as amended, and Federal 
Information Processing Standards Publication (FIPS PUB) Number 201, as 
amended.
    (b) The Contractor shall insert this clause in all subcontracts 
when the subcontractor is required to have routine physical access to a 
Federally-controlled facility and/or routine access to a Federally-
controlled information system.
    (End of clause)
[FR Doc. 06-9308 Filed 11-21-06; 8:45 am]
BILLING CODE 6820-EP-S