Federal Acquisition Regulation; FAR Case 2005-017, Requirement to Purchase Approved Authentication Products and Services, 46333-46335 [07-3795]
Download as PDF
<![CDATA[
Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations
Review, dated September 30, 1993. This
rule is not a major rule under 5 U.S.C.
804.
DEPARTMENT OF DEFENSE
GENERAL SERVICES
ADMINISTRATION
B. Regulatory Flexibility Act
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
48 CFR Parts 4, 12, 14, and 15
[FAC 2005–19; FAR Case 2005–025; Item
III; Docket 2006–0020; Sequence 4]
RIN 9000–AK56
Federal Acquisition Regulation; FAR
Case 2005–025; Online
Representations and Certifications
Application Archiving Capability
Department of Defense (DoD),
General Services Administration (GSA),
and National Aeronautics and Space
Administration (NASA).
ACTION: Final rule.
AGENCIES:
SUMMARY: The Civilian Agency
Acquisition Council and the Defense
Acquisition Regulations Council
(Councils) have agreed to adopt the
interim rule published in the Federal
Register at 71 FR 57362, September 28,
2006, as a final rule without change.
This final rule amends the Federal
Acquisition Regulation (FAR) to address
the record retention policy where the
Online Representations and
Certifications Application (ORCA) is
used to submit an offeror’s
representations and certification.
DATES: Effective Date: August 17, 2007.
FOR FURTHER INFORMATION CONTACT: Mr.
Ernest Woodson, Procurement Analyst,
at (202) 501–3775 for clarification of
content. For information pertaining to
status or publication schedules, contact
the FAR Secretariat at (202) 501–4755.
Please cite FAC 2005–19, FAR case
2005–025.
SUPPLEMENTARY INFORMATION:
sroberts on PROD1PC70 with RULES
A. Background
DoD, GSA, and NASA published an
interim rule with request for comments
in the Federal Register at 71 FR 57362,
September 28, 2006. This final rule
amends the Federal Acquisition
Regulation to address the record
retention policy where the Online
Representations and Certifications
Application (ORCA) is used to submit
an offeror’s representations and
certifications.
The comment period closed
November 27, 2006. One respondent
submitted comments.
This is not a significant regulatory
action and, therefore, was not subject to
review under Section 6(b) of Executive
Order 12866, Regulatory Planning and
VerDate Aug<31>2005
16:40 Aug 16, 2007
Jkt 211001
The Department of Defense, the
General Services Administration, and
the National Aeronautics and Space
Administration certify that this final
rule will not have a significant
economic impact on a substantial
number of small entities within the
meaning of the Regulatory Flexibility
Act, 5 U.S.C. 601, et seq., because the
rule addresses management of contract
files and clarifies existing procedures
and practices used by Government
contracting officers in making contract
award decisions. The rule does not
impose new requirements that impose a
burden on contractors. No comments
were received with regard to an impact
on small business.
C. Paperwork Reduction Act
The Paperwork Reduction Act does
not apply because the changes to the
FAR do not impose information
collection requirements that require the
approval of the Office of Management
and Budget under 44 U.S.C. 3501, et
seq.
List of Subjects in 48 CFR Parts 4, 12,
14, and 15
Government procurement.
Dated: July 30, 2007.
Al Matera,
Acting Director, Contract Policy Division.
Interim Rule Adopted as Final Without
Change
Accordingly, the interim rule
amending 48 CFR parts 4, 12, 14, and
15 which was published at 71 FR 57362
on September 28, 2006, is adopted as a
final rule without change.
I
[FR Doc. 07–3794 Filed 8–16–07; 8:45 am]
BILLING CODE 6820–EP–S
PO 00000
46333
DEPARTMENT OF DEFENSE
GENERAL SERVICES
ADMINISTRATION
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
48 CFR Parts 4 and 52
[FAC 2005–19; FAR Case 2005–017; Item
IV; Docket 2006–0020; Sequence 6]
RIN 9000–AK53
Federal Acquisition Regulation; FAR
Case 2005–017, Requirement to
Purchase Approved Authentication
Products and Services
Department of Defense (DoD),
General Services Administration (GSA),
and National Aeronautics and Space
Administration (NASA).
ACTION: Final rule.
AGENCIES:
SUMMARY: The Civilian Agency
Acquisition Council and the Defense
Acquisition Regulations Council
(Councils) have agreed on a final rule
amending the Federal Acquisition
Regulation (FAR) to address the
acquisition of products and services for
personal identity verification that
comply with requirements in Homeland
Security Presidential Directive (HSPD)
12, ‘‘Policy for a Common Identification
Standard for Federal Employees and
Contractors,’’ and Federal Information
Processing Standards Publication (FIPS
PUB) 201, ‘‘Personal Identity
Verification of Federal Employees and
Contractors.’’
DATES:
Effective Date: September 17,
2007.
For
clarification of content, contact Mr.
Michael Jackson, Procurement Analyst,
at (202) 208–4949. Please cite FAC
2005–19, FAR case 2005–017. For
information pertaining to status or
publication schedules, contact the FAR
Secretariat at (202) 501–4755.
SUPPLEMENTARY INFORMATION:
FOR FURTHER INFORMATION CONTACT:
A. Background
This final rule amends the Federal
Acquisition Regulation to address the
acquisition of products and services.
DoD, GSA, and NASA published a
proposed rule in the Federal Register at
71 FR 49405 on August 23, 2006. The
Councils received no comments on the
proposed rule. Therefore, the Councils
have adopted the proposed rule as a
final rule with minor editorial and
baseline changes.
Increasingly, contractors are required
to have physical access to Federally-
Frm 00011
Fmt 4701
Sfmt 4700
E:\FR\FM\17AUR2.SGM
17AUR2
sroberts on PROD1PC70 with RULES
46334
Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations
controlled facilities and information
systems in the performance of
Government contracts. On August 27,
2004, in response to the general threat
of unauthorized access to physical
facilities and information systems, the
President issued Homeland Security
Presidential Directive (HSPD) 12. The
primary objectives of HSPD–12 are to
establish a process to enhance security,
increase Government efficiency, reduce
identity fraud, and protect personal
privacy by establishing a mandatory,
Government-wide standard for secure
and reliable forms of identification
issued by the Federal Government to its
employees and contractors. In
accordance with HSPD–12, the
Secretary of Commerce issued on
February 25, 2005, Federal Information
Processing Standards Publication (FIPS
PUB) 201, Personal Identity Verification
of Federal Employees and Contractors,
to establish a Governmentwide standard
for secure and reliable forms of
identification for Federal and contractor
employees. FIPS PUB 201 is available at
https://csrc.nist.gov/publications/fips/
index.html. The Office of Management
and Budget (OMB) associated guidance,
M–05–24, dated August 5, 2005, can be
found at https://www.whitehouse.gov/
omb/memoranda/fy2005/m05–24.pdf.
In accordance with requirements in
HSPD–12 and OMB Memorandum M–
05–24, agencies—
(a) Must issue and require the use of
identity credentials that are compliant
with the technical requirements of FIPS
PUB 201 and associated guidance issued
by the National Institute for Standards
and Technology in the areas of personal
authentication, access controls and card
management; and
(b) May acquire authentication
products and services that are approved
to be compliant with the FIPS PUB 201
through Special Item Number (SIN)
132–62, HSPD–12 Product and Service
Components, made available by GSA
under Federal Supply Schedule 70. GSA
has developed an informational website
(https://www.idmanagement.gov/) that
will provide a one-stop shop for
citizens, businesses, and government
entities interested in identity
management activities. The site
provides information on HSPD–12 and
eAuthentication acquisition vehicles
and processes.
The rule amends the FAR by revising
FAR Subpart 4.13 by adding two new
sections on the scope of the subpart, and
the acquisition of approved products
and services; the existing subpart
sections are revised and renumbered.
This is not a significant regulatory
action and, therefore, was not subject to
review under Section 6(b) of Executive
VerDate Aug<31>2005
16:40 Aug 16, 2007
Jkt 211001
Order 12866, Regulatory Planning and
Review, dated September 30, 1993. This
rule is not a major rule under 5 U.S.C.
804.
B. Regulatory Flexibility Act
The changes may have a significant
economic impact on a substantial
number of small entities within the
meaning of the Regulatory Flexibility
Act, 5 U.S.C. 601, et seq., because
HSPD–12 requires agencies to procure
Personal Identity Verification (PIV)
products and services that comply with
the Federal Information Processing
Standards Publication (FIPS PUB) 201
standard. NIST has established the NIST
Personal Identity Verification Program
(NPIVP) (https://csrc.nist.gov/npivp) to
validate PIV components and
subsystems required by FIPS PUB 201
that meet the NPIVP requirements. The
validation tests are performed by third
party laboratories that are accredited
through NIST’s National Voluntary
Laboratory Accreditation Program.
Vendors are required to obtain
validation testing and certification from
an accredited laboratory. The testing is
performed on a fee basis. The number
and extent of testing will depend on the
nature of the product or service being
tested. The test protocols are still under
development. The impact on small
entities will, therefore, be variable
depending on the nature of the product/
service being validated. These standards
and testing policies may affect small
business concerns in terms of their
ability to compete and win Federal
contracts. The extent of the effect and
impact on small business concerns is
unknown and will vary by product and
service due to the wide variances among
product and service functionality and
design.
The Regulatory Flexibility Act, 5
U.S.C. 601, et seq., applies to this final
rule. The Councils prepared a Final
Regulatory Flexibility Analysis (FRFA),
and it is summarized as follows:
1. Succinct statement of the need for, and
the objectives of, the rule.
The rule implements the provisions of
HSPD–12 that require agencies to purchase
PIV products and services that are approved
to comply with the FIPS PUB 201 standard
and that are interoperable among agencies.
2. Summary of the significant issues raised
by the public comments in response to the
initial regulatory flexibility analysis, a
summary of the assessment of the agency of
such issues, and a statement of any changes
made in the proposed rule as a result of such
comments.
This final rule amends the Federal
Acquisition Regulation to implement the
provisions of Homeland Security Presidential
Directive 12 (HSPD–12) and Federal
Information Processing Standards
Publication Number 201(FIPS PUB 201). The
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
DAR Council and the CAAC published a
proposed rule in the Federal Register at 71
FR 49405, August 23, 2006. Public comments
were due on or before October 23, 2006, to
be considered in the formulation of the final
rule. No public comments were received.
3. Description of and an estimate of the
number of small entities to which the rule
will apply or an explanation of why no such
estimate is available.
The FAR rule requires that agencies
acquire PIV products and services that
comply with the FIPS PUB 201 standard. The
impact on small entities will, therefore, vary
depending on the approval process for
vendor products and services.
4. Description of the projected reporting,
recordkeeping and other compliance
requirements of the rule, including an
estimate of the classes of small entities
which will be subject to the requirement and
the type of professional skills necessary for
preparation of the report or record.
The rule does not impose any new
reporting, recordkeeping, or compliance
requirements.
5. Description of the steps the agency has
taken to minimize the significant economic
impact on small entities consistent with the
stated objectives of applicable statutes,
including a statement of the factual, policy,
and legal reasons for selecting the
alternative adopted in the final rule and why
each one of the other significant alternatives
to the rule considered by the agency was
rejected.
Vendors are required to obtain validation
testing and certification from an accredited
laboratory. The testing is performed on a fee
basis. The number and extent of testing will
depend on the nature of the product or
service being tested. The test protocols are
still under development. The impact on
small entities will, therefore, be variable
depending on the nature of the product/
service being validated. These standards and
testing policies may affect small business
concerns in terms of their ability to compete
and win Federal contracts. The extent of the
effect and impact on small business concerns
is unknown and will vary by product and
service due to the wide variances among
product and service functionality and design.
The FAR Secretariat has submitted a
copy of the FRFA to the Chief Counsel
for Advocacy of the Small Business
Administration. Interested parties may
obtain a copy from the FAR Secretariat.
The Councils will consider comments
from small entities concerning the
affected FAR Parts 4 and 52 in
accordance with 5 U.S.C. 610. Interested
parties must submit such comments
separately and should cite 5 U.S.C. 601,
et seq. (FAC 2005–19, FAR Case 2005–
017), in correspondence.
C. Paperwork Reduction Act
The Paperwork Reduction Act does
not apply because the changes to the
FAR do not impose information
collection requirements that require the
approval of the Office of Management
and Budget under 44 U.S.C. 3501, et
seq.
E:\FR\FM\17AUR2.SGM
17AUR2
Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations
(c) Agencies must designate an official
responsible for verifying contractor
employee personal identity.
List of Subjects in 48 CFR Parts 4 and
52
Government procurement.
4.1302 Acquisition of approved products
and services for personal identity
verification.
Dated: July 30, 2007.
Al Matera,
Acting Director, Contract Policy Division.
Therefore, DoD, GSA, and NASA
amend 48 CFR parts 4 and 52 as set
forth below:
I 1. The authority citation for 48 CFR
parts 4 and 52 continues to read as
follows:
I
Authority: 40 U.S.C. 121(c); 10 U.S.C.
chapter 137; and 42 U.S.C. 2473(c).
PART 4—ADMINISTRATIVE MATTERS
2. Revise subpart 4.13 to read as
follows:
I
Subpart 4.13—Personal Identity Verification
Sec.
4.1300 Scope of subpart.
4.1301 Policy.
4.1302 Acquisition of approved products
and services for personal identity
verification.
4.1303 Contract clause.
Subpart 4.13—Personal Identity
Verification
4.1300
Scope of subpart.
This subpart provides policy and
procedures associated with Personal
Identity Verification as required by—
(a) Federal Information Processing
Standards Publication (FIPS PUB)
Number 201, ‘‘Personal Identity
Verification of Federal Employees and
Contractors’’; and
(b) Office of Management and Budget
(OMB) Guidance M–05–24, dated
August 5, 2005, ‘‘Implementation of
Homeland Security Presidential
Directive (HSPD) 12—Policy for a
Common Identification Standard for
Federal Employees and Contractors.’’
sroberts on PROD1PC70 with RULES
4.1301
Policy.
(a) Agencies must follow FIPS PUB
Number 201 and the associated OMB
implementation guidance for personal
identity verification for all affected
contractor and subcontractor personnel
when contract performance requires
contractors to have routine physical
access to a Federally-controlled facility
and/or routine access to a Federallycontrolled information system.
(b) Agencies must include their
implementation of FIPS PUB 201 and
OMB Guidance M–05–24 in
solicitations and contracts that require
the contractor to have routine physical
access to a Federally-controlled facility
and/or routine access to a Federallycontrolled information system.
VerDate Aug<31>2005
16:40 Aug 16, 2007
Jkt 211001
(a) In order to comply with FIPS PUB
201, agencies must purchase only
approved personal identity verification
products and services.
(b) Agencies may acquire the
approved products and services from
the GSA, Federal Supply Schedule 70,
Special Item Number (SIN) 132–62,
HSPD–12 Product and Service
Components, in accordance with
ordering procedures outlined in FAR
Subpart 8.4.
(c) When acquiring personal identity
verification products and services not
using the process in paragraph (b) of
this section, agencies must ensure that
the applicable products and services are
approved as compliant with FIPS PUB
201 including—
(1) Certifying the products and
services procured meet all applicable
Federal standards and requirements;
(2) Ensuring interoperability and
conformance to applicable Federal
standards for the lifecycle of the
components; and
(3) Maintaining a written plan for
ensuring ongoing conformance to
applicable Federal standards for the
lifecycle of the components.
(d) For more information on personal
identity verification products and
services see https://
www.idmanagement.gov.
4.1303
Contract clause.
The contracting officer shall insert the
clause at 52.204–9, Personal Identity
Verification of Contractor Personnel, in
solicitations and contracts when
contract performance requires
contractors to have routine physical
access to a Federally-controlled facility
and/or routine access to a Federallycontrolled information system. The
clause shall not be used when
contractors require only intermittent
access to Federally-controlled facilities.
PART 52—SOLICITATION PROVISIONS
AND CONTRACT CLAUSES
3. Amend section 52.204–9 by—
a. Removing from the introductory
text of the clause ‘‘4.1301’’ and adding
‘‘4.1303’’ in its place;
I b. Revising the date of clause to read
‘‘(SEP 2007)’’; and
I c. Removing from paragraph (a) ‘‘as
amended,’’ and ‘‘,as amended’’.
I
I
[FR Doc. 07–3795 Filed 8–16–07; 8:45 am]
BILLING CODE 6820–EP–S
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
46335
DEPARTMENT OF DEFENSE
GENERAL SERVICES
ADMINISTRATION
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
48 CFR Parts 12, 22 and 52
[FAC 2005–19; FAR Case 2005–012; Item
V; Docket 2006–0020; Sequence 1]
RIN 9000–AK31
Federal Acquisition Regulation; FAR
Case 2005–012, Combating Trafficking
in Persons (Revised Interim Rule)
Department of Defense (DoD),
General Services Administration (GSA),
and National Aeronautics and Space
Administration (NASA).
ACTION: Interim rule with request for
comments.
AGENCIES:
SUMMARY: The Civilian Agency
Acquisition Council and the Defense
Acquisition Regulations Council
(Councils) have agreed on an interim
rule amending the Federal Acquisition
Regulation (FAR) to implement 22
U.S.C. 7104(g). This statute requires that
contracts must include a provision that
authorizes the department or agency to
terminate the contract, if the contractor
or any subcontractor engages in
trafficking in persons. This interim rule
contains a clause to be used in all
contracts.
Effective Date: August 17, 2007.
Comment Date: Interested parties
should submit written comments to the
FAR Secretariat on or before October 16,
2007 to be considered in the
formulation of a final rule.
ADDRESSES: Submit comments
identified by FAC 2005–19, FAR case
2005–012, by any of the following
methods:
• Federal eRulemaking Portal:https://
www.regulations.gov. Search for any
document by first selecting the proper
document types and selecting ‘‘Federal
Acquisition Regulation’’ as the agency
of choice. At the ‘‘Keyword’’ prompt,
type in the FAR case number (for
example, FAR Case 2006–001) and click
on the ‘‘Submit’’ button. Please include
your name and company name (if any)
inside the document.
You may also search for any
document by clicking on the ‘‘Advanced
search/document search’’ tab at the top
of the screen, selecting from the agency
field ‘‘Federal Acquisition Regulation’’,
and typing the FAR case number in the
keyword field. Select the ‘‘Submit’’
button.
• Fax: 202–501–4067.
DATES:
E:\FR\FM\17AUR2.SGM
17AUR2
]]>Agencies
[Federal Register Volume 72, Number 159 (Friday, August 17, 2007)]
[Rules and Regulations]
[Pages 46333-46335]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-3795]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
GENERAL SERVICES ADMINISTRATION
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION
48 CFR Parts 4 and 52
[FAC 2005-19; FAR Case 2005-017; Item IV; Docket 2006-0020; Sequence 6]
RIN 9000-AK53
Federal Acquisition Regulation; FAR Case 2005-017, Requirement to
Purchase Approved Authentication Products and Services
AGENCIES: Department of Defense (DoD), General Services Administration
(GSA), and National Aeronautics and Space Administration (NASA).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Civilian Agency Acquisition Council and the Defense
Acquisition Regulations Council (Councils) have agreed on a final rule
amending the Federal Acquisition Regulation (FAR) to address the
acquisition of products and services for personal identity verification
that comply with requirements in Homeland Security Presidential
Directive (HSPD) 12, ``Policy for a Common Identification Standard for
Federal Employees and Contractors,'' and Federal Information Processing
Standards Publication (FIPS PUB) 201, ``Personal Identity Verification
of Federal Employees and Contractors.''
DATES: Effective Date: September 17, 2007.
FOR FURTHER INFORMATION CONTACT: For clarification of content, contact
Mr. Michael Jackson, Procurement Analyst, at (202) 208-4949. Please
cite FAC 2005-19, FAR case 2005-017. For information pertaining to
status or publication schedules, contact the FAR Secretariat at (202)
501-4755.
SUPPLEMENTARY INFORMATION:
A. Background
This final rule amends the Federal Acquisition Regulation to
address the acquisition of products and services.
DoD, GSA, and NASA published a proposed rule in the Federal
Register at 71 FR 49405 on August 23, 2006. The Councils received no
comments on the proposed rule. Therefore, the Councils have adopted the
proposed rule as a final rule with minor editorial and baseline
changes.
Increasingly, contractors are required to have physical access to
Federally-
[[Page 46334]]
controlled facilities and information systems in the performance of
Government contracts. On August 27, 2004, in response to the general
threat of unauthorized access to physical facilities and information
systems, the President issued Homeland Security Presidential Directive
(HSPD) 12. The primary objectives of HSPD-12 are to establish a process
to enhance security, increase Government efficiency, reduce identity
fraud, and protect personal privacy by establishing a mandatory,
Government-wide standard for secure and reliable forms of
identification issued by the Federal Government to its employees and
contractors. In accordance with HSPD-12, the Secretary of Commerce
issued on February 25, 2005, Federal Information Processing Standards
Publication (FIPS PUB) 201, Personal Identity Verification of Federal
Employees and Contractors, to establish a Governmentwide standard for
secure and reliable forms of identification for Federal and contractor
employees. FIPS PUB 201 is available at https://csrc.nist.gov/
publications/fips/. The Office of Management and Budget (OMB)
associated guidance, M-05-24, dated August 5, 2005, can be found at
https://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf.
In accordance with requirements in HSPD-12 and OMB Memorandum M-05-
24, agencies--
(a) Must issue and require the use of identity credentials that are
compliant with the technical requirements of FIPS PUB 201 and
associated guidance issued by the National Institute for Standards and
Technology in the areas of personal authentication, access controls and
card management; and
(b) May acquire authentication products and services that are
approved to be compliant with the FIPS PUB 201 through Special Item
Number (SIN) 132-62, HSPD-12 Product and Service Components, made
available by GSA under Federal Supply Schedule 70. GSA has developed an
informational website (https://www.idmanagement.gov/) that will provide
a one-stop shop for citizens, businesses, and government entities
interested in identity management activities. The site provides
information on HSPD-12 and eAuthentication acquisition vehicles and
processes.
The rule amends the FAR by revising FAR Subpart 4.13 by adding two
new sections on the scope of the subpart, and the acquisition of
approved products and services; the existing subpart sections are
revised and renumbered.
This is not a significant regulatory action and, therefore, was not
subject to review under Section 6(b) of Executive Order 12866,
Regulatory Planning and Review, dated September 30, 1993. This rule is
not a major rule under 5 U.S.C. 804.
B. Regulatory Flexibility Act
The changes may have a significant economic impact on a substantial
number of small entities within the meaning of the Regulatory
Flexibility Act, 5 U.S.C. 601, et seq., because HSPD-12 requires
agencies to procure Personal Identity Verification (PIV) products and
services that comply with the Federal Information Processing Standards
Publication (FIPS PUB) 201 standard. NIST has established the NIST
Personal Identity Verification Program (NPIVP) (https://csrc.nist.gov/
npivp) to validate PIV components and subsystems required by FIPS PUB
201 that meet the NPIVP requirements. The validation tests are
performed by third party laboratories that are accredited through
NIST's National Voluntary Laboratory Accreditation Program.
Vendors are required to obtain validation testing and certification
from an accredited laboratory. The testing is performed on a fee basis.
The number and extent of testing will depend on the nature of the
product or service being tested. The test protocols are still under
development. The impact on small entities will, therefore, be variable
depending on the nature of the product/service being validated. These
standards and testing policies may affect small business concerns in
terms of their ability to compete and win Federal contracts. The extent
of the effect and impact on small business concerns is unknown and will
vary by product and service due to the wide variances among product and
service functionality and design.
The Regulatory Flexibility Act, 5 U.S.C. 601, et seq., applies to
this final rule. The Councils prepared a Final Regulatory Flexibility
Analysis (FRFA), and it is summarized as follows:
1. Succinct statement of the need for, and the objectives of,
the rule.
The rule implements the provisions of HSPD-12 that require
agencies to purchase PIV products and services that are approved to
comply with the FIPS PUB 201 standard and that are interoperable
among agencies.
2. Summary of the significant issues raised by the public
comments in response to the initial regulatory flexibility analysis,
a summary of the assessment of the agency of such issues, and a
statement of any changes made in the proposed rule as a result of
such comments.
This final rule amends the Federal Acquisition Regulation to
implement the provisions of Homeland Security Presidential Directive
12 (HSPD-12) and Federal Information Processing Standards
Publication Number 201(FIPS PUB 201). The DAR Council and the CAAC
published a proposed rule in the Federal Register at 71 FR 49405,
August 23, 2006. Public comments were due on or before October 23,
2006, to be considered in the formulation of the final rule. No
public comments were received.
3. Description of and an estimate of the number of small
entities to which the rule will apply or an explanation of why no
such estimate is available.
The FAR rule requires that agencies acquire PIV products and
services that comply with the FIPS PUB 201 standard. The impact on
small entities will, therefore, vary depending on the approval
process for vendor products and services.
4. Description of the projected reporting, recordkeeping and
other compliance requirements of the rule, including an estimate of
the classes of small entities which will be subject to the
requirement and the type of professional skills necessary for
preparation of the report or record.
The rule does not impose any new reporting, recordkeeping, or
compliance requirements.
5. Description of the steps the agency has taken to minimize the
significant economic impact on small entities consistent with the
stated objectives of applicable statutes, including a statement of
the factual, policy, and legal reasons for selecting the alternative
adopted in the final rule and why each one of the other significant
alternatives to the rule considered by the agency was rejected.
Vendors are required to obtain validation testing and
certification from an accredited laboratory. The testing is
performed on a fee basis. The number and extent of testing will
depend on the nature of the product or service being tested. The
test protocols are still under development. The impact on small
entities will, therefore, be variable depending on the nature of the
product/service being validated. These standards and testing
policies may affect small business concerns in terms of their
ability to compete and win Federal contracts. The extent of the
effect and impact on small business concerns is unknown and will
vary by product and service due to the wide variances among product
and service functionality and design.
The FAR Secretariat has submitted a copy of the FRFA to the Chief
Counsel for Advocacy of the Small Business Administration. Interested
parties may obtain a copy from the FAR Secretariat. The Councils will
consider comments from small entities concerning the affected FAR Parts
4 and 52 in accordance with 5 U.S.C. 610. Interested parties must
submit such comments separately and should cite 5 U.S.C. 601, et seq.
(FAC 2005-19, FAR Case 2005-017), in correspondence.
C. Paperwork Reduction Act
The Paperwork Reduction Act does not apply because the changes to
the FAR do not impose information collection requirements that require
the approval of the Office of Management and Budget under 44 U.S.C.
3501, et seq.
[[Page 46335]]
List of Subjects in 48 CFR Parts 4 and 52
Government procurement.
Dated: July 30, 2007.
Al Matera,
Acting Director, Contract Policy Division.
0
Therefore, DoD, GSA, and NASA amend 48 CFR parts 4 and 52 as set forth
below:
0
1. The authority citation for 48 CFR parts 4 and 52 continues to read
as follows:
Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42
U.S.C. 2473(c).
PART 4--ADMINISTRATIVE MATTERS
0
2. Revise subpart 4.13 to read as follows:
Subpart 4.13--Personal Identity Verification
Sec.
4.1300 Scope of subpart.
4.1301 Policy.
4.1302 Acquisition of approved products and services for personal
identity verification.
4.1303 Contract clause.
Subpart 4.13--Personal Identity Verification
4.1300 Scope of subpart.
This subpart provides policy and procedures associated with
Personal Identity Verification as required by--
(a) Federal Information Processing Standards Publication (FIPS PUB)
Number 201, ``Personal Identity Verification of Federal Employees and
Contractors''; and
(b) Office of Management and Budget (OMB) Guidance M-05-24, dated
August 5, 2005, ``Implementation of Homeland Security Presidential
Directive (HSPD) 12--Policy for a Common Identification Standard for
Federal Employees and Contractors.''
4.1301 Policy.
(a) Agencies must follow FIPS PUB Number 201 and the associated OMB
implementation guidance for personal identity verification for all
affected contractor and subcontractor personnel when contract
performance requires contractors to have routine physical access to a
Federally-controlled facility and/or routine access to a Federally-
controlled information system.
(b) Agencies must include their implementation of FIPS PUB 201 and
OMB Guidance M-05-24 in solicitations and contracts that require the
contractor to have routine physical access to a Federally-controlled
facility and/or routine access to a Federally-controlled information
system.
(c) Agencies must designate an official responsible for verifying
contractor employee personal identity.
4.1302 Acquisition of approved products and services for personal
identity verification.
(a) In order to comply with FIPS PUB 201, agencies must purchase
only approved personal identity verification products and services.
(b) Agencies may acquire the approved products and services from
the GSA, Federal Supply Schedule 70, Special Item Number (SIN) 132-62,
HSPD-12 Product and Service Components, in accordance with ordering
procedures outlined in FAR Subpart 8.4.
(c) When acquiring personal identity verification products and
services not using the process in paragraph (b) of this section,
agencies must ensure that the applicable products and services are
approved as compliant with FIPS PUB 201 including--
(1) Certifying the products and services procured meet all
applicable Federal standards and requirements;
(2) Ensuring interoperability and conformance to applicable Federal
standards for the lifecycle of the components; and
(3) Maintaining a written plan for ensuring ongoing conformance to
applicable Federal standards for the lifecycle of the components.
(d) For more information on personal identity verification products
and services see https://www.idmanagement.gov.
4.1303 Contract clause.
The contracting officer shall insert the clause at 52.204-9,
Personal Identity Verification of Contractor Personnel, in
solicitations and contracts when contract performance requires
contractors to have routine physical access to a Federally-controlled
facility and/or routine access to a Federally-controlled information
system. The clause shall not be used when contractors require only
intermittent access to Federally-controlled facilities.
PART 52--SOLICITATION PROVISIONS AND CONTRACT CLAUSES
0
3. Amend section 52.204-9 by--
0
a. Removing from the introductory text of the clause ``4.1301'' and
adding ``4.1303'' in its place;
0
b. Revising the date of clause to read ``(SEP 2007)''; and
0
c. Removing from paragraph (a) ``as amended,'' and ``,as amended''.
[FR Doc. 07-3795 Filed 8-16-07; 8:45 am]
BILLING CODE 6820-EP-S
