Federal Acquisition Regulation; FAR Case 2005-017, Requirement to Purchase Approved Authentication Products and Services, 46333-46335 [07-3795]

Download as PDF Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION B. Regulatory Flexibility Act NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Parts 4, 12, 14, and 15 [FAC 2005–19; FAR Case 2005–025; Item III; Docket 2006–0020; Sequence 4] RIN 9000–AK56 Federal Acquisition Regulation; FAR Case 2005–025; Online Representations and Certifications Application Archiving Capability Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Final rule. AGENCIES: SUMMARY: The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) have agreed to adopt the interim rule published in the Federal Register at 71 FR 57362, September 28, 2006, as a final rule without change. This final rule amends the Federal Acquisition Regulation (FAR) to address the record retention policy where the Online Representations and Certifications Application (ORCA) is used to submit an offeror’s representations and certification. DATES: Effective Date: August 17, 2007. FOR FURTHER INFORMATION CONTACT: Mr. Ernest Woodson, Procurement Analyst, at (202) 501–3775 for clarification of content. For information pertaining to status or publication schedules, contact the FAR Secretariat at (202) 501–4755. Please cite FAC 2005–19, FAR case 2005–025. SUPPLEMENTARY INFORMATION: sroberts on PROD1PC70 with RULES A. Background DoD, GSA, and NASA published an interim rule with request for comments in the Federal Register at 71 FR 57362, September 28, 2006. This final rule amends the Federal Acquisition Regulation to address the record retention policy where the Online Representations and Certifications Application (ORCA) is used to submit an offeror’s representations and certifications. The comment period closed November 27, 2006. One respondent submitted comments. This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and VerDate Aug<31>2005 16:40 Aug 16, 2007 Jkt 211001 The Department of Defense, the General Services Administration, and the National Aeronautics and Space Administration certify that this final rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because the rule addresses management of contract files and clarifies existing procedures and practices used by Government contracting officers in making contract award decisions. The rule does not impose new requirements that impose a burden on contractors. No comments were received with regard to an impact on small business. C. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the changes to the FAR do not impose information collection requirements that require the approval of the Office of Management and Budget under 44 U.S.C. 3501, et seq. List of Subjects in 48 CFR Parts 4, 12, 14, and 15 Government procurement. Dated: July 30, 2007. Al Matera, Acting Director, Contract Policy Division. Interim Rule Adopted as Final Without Change Accordingly, the interim rule amending 48 CFR parts 4, 12, 14, and 15 which was published at 71 FR 57362 on September 28, 2006, is adopted as a final rule without change. I [FR Doc. 07–3794 Filed 8–16–07; 8:45 am] BILLING CODE 6820–EP–S PO 00000 46333 DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Parts 4 and 52 [FAC 2005–19; FAR Case 2005–017; Item IV; Docket 2006–0020; Sequence 6] RIN 9000–AK53 Federal Acquisition Regulation; FAR Case 2005–017, Requirement to Purchase Approved Authentication Products and Services Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Final rule. AGENCIES: SUMMARY: The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) have agreed on a final rule amending the Federal Acquisition Regulation (FAR) to address the acquisition of products and services for personal identity verification that comply with requirements in Homeland Security Presidential Directive (HSPD) 12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors,’’ and Federal Information Processing Standards Publication (FIPS PUB) 201, ‘‘Personal Identity Verification of Federal Employees and Contractors.’’ DATES: Effective Date: September 17, 2007. For clarification of content, contact Mr. Michael Jackson, Procurement Analyst, at (202) 208–4949. Please cite FAC 2005–19, FAR case 2005–017. For information pertaining to status or publication schedules, contact the FAR Secretariat at (202) 501–4755. SUPPLEMENTARY INFORMATION: FOR FURTHER INFORMATION CONTACT: A. Background This final rule amends the Federal Acquisition Regulation to address the acquisition of products and services. DoD, GSA, and NASA published a proposed rule in the Federal Register at 71 FR 49405 on August 23, 2006. The Councils received no comments on the proposed rule. Therefore, the Councils have adopted the proposed rule as a final rule with minor editorial and baseline changes. Increasingly, contractors are required to have physical access to Federally- Frm 00011 Fmt 4701 Sfmt 4700 E:\FR\FM\17AUR2.SGM 17AUR2 sroberts on PROD1PC70 with RULES 46334 Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations controlled facilities and information systems in the performance of Government contracts. On August 27, 2004, in response to the general threat of unauthorized access to physical facilities and information systems, the President issued Homeland Security Presidential Directive (HSPD) 12. The primary objectives of HSPD–12 are to establish a process to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors. In accordance with HSPD–12, the Secretary of Commerce issued on February 25, 2005, Federal Information Processing Standards Publication (FIPS PUB) 201, Personal Identity Verification of Federal Employees and Contractors, to establish a Governmentwide standard for secure and reliable forms of identification for Federal and contractor employees. FIPS PUB 201 is available at https://csrc.nist.gov/publications/fips/ index.html. The Office of Management and Budget (OMB) associated guidance, M–05–24, dated August 5, 2005, can be found at https://www.whitehouse.gov/ omb/memoranda/fy2005/m05–24.pdf. In accordance with requirements in HSPD–12 and OMB Memorandum M– 05–24, agencies— (a) Must issue and require the use of identity credentials that are compliant with the technical requirements of FIPS PUB 201 and associated guidance issued by the National Institute for Standards and Technology in the areas of personal authentication, access controls and card management; and (b) May acquire authentication products and services that are approved to be compliant with the FIPS PUB 201 through Special Item Number (SIN) 132–62, HSPD–12 Product and Service Components, made available by GSA under Federal Supply Schedule 70. GSA has developed an informational website (https://www.idmanagement.gov/) that will provide a one-stop shop for citizens, businesses, and government entities interested in identity management activities. The site provides information on HSPD–12 and eAuthentication acquisition vehicles and processes. The rule amends the FAR by revising FAR Subpart 4.13 by adding two new sections on the scope of the subpart, and the acquisition of approved products and services; the existing subpart sections are revised and renumbered. This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive VerDate Aug<31>2005 16:40 Aug 16, 2007 Jkt 211001 Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. B. Regulatory Flexibility Act The changes may have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because HSPD–12 requires agencies to procure Personal Identity Verification (PIV) products and services that comply with the Federal Information Processing Standards Publication (FIPS PUB) 201 standard. NIST has established the NIST Personal Identity Verification Program (NPIVP) (https://csrc.nist.gov/npivp) to validate PIV components and subsystems required by FIPS PUB 201 that meet the NPIVP requirements. The validation tests are performed by third party laboratories that are accredited through NIST’s National Voluntary Laboratory Accreditation Program. Vendors are required to obtain validation testing and certification from an accredited laboratory. The testing is performed on a fee basis. The number and extent of testing will depend on the nature of the product or service being tested. The test protocols are still under development. The impact on small entities will, therefore, be variable depending on the nature of the product/ service being validated. These standards and testing policies may affect small business concerns in terms of their ability to compete and win Federal contracts. The extent of the effect and impact on small business concerns is unknown and will vary by product and service due to the wide variances among product and service functionality and design. The Regulatory Flexibility Act, 5 U.S.C. 601, et seq., applies to this final rule. The Councils prepared a Final Regulatory Flexibility Analysis (FRFA), and it is summarized as follows: 1. Succinct statement of the need for, and the objectives of, the rule. The rule implements the provisions of HSPD–12 that require agencies to purchase PIV products and services that are approved to comply with the FIPS PUB 201 standard and that are interoperable among agencies. 2. Summary of the significant issues raised by the public comments in response to the initial regulatory flexibility analysis, a summary of the assessment of the agency of such issues, and a statement of any changes made in the proposed rule as a result of such comments. This final rule amends the Federal Acquisition Regulation to implement the provisions of Homeland Security Presidential Directive 12 (HSPD–12) and Federal Information Processing Standards Publication Number 201(FIPS PUB 201). The PO 00000 Frm 00012 Fmt 4701 Sfmt 4700 DAR Council and the CAAC published a proposed rule in the Federal Register at 71 FR 49405, August 23, 2006. Public comments were due on or before October 23, 2006, to be considered in the formulation of the final rule. No public comments were received. 3. Description of and an estimate of the number of small entities to which the rule will apply or an explanation of why no such estimate is available. The FAR rule requires that agencies acquire PIV products and services that comply with the FIPS PUB 201 standard. The impact on small entities will, therefore, vary depending on the approval process for vendor products and services. 4. Description of the projected reporting, recordkeeping and other compliance requirements of the rule, including an estimate of the classes of small entities which will be subject to the requirement and the type of professional skills necessary for preparation of the report or record. The rule does not impose any new reporting, recordkeeping, or compliance requirements. 5. Description of the steps the agency has taken to minimize the significant economic impact on small entities consistent with the stated objectives of applicable statutes, including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency was rejected. Vendors are required to obtain validation testing and certification from an accredited laboratory. The testing is performed on a fee basis. The number and extent of testing will depend on the nature of the product or service being tested. The test protocols are still under development. The impact on small entities will, therefore, be variable depending on the nature of the product/ service being validated. These standards and testing policies may affect small business concerns in terms of their ability to compete and win Federal contracts. The extent of the effect and impact on small business concerns is unknown and will vary by product and service due to the wide variances among product and service functionality and design. The FAR Secretariat has submitted a copy of the FRFA to the Chief Counsel for Advocacy of the Small Business Administration. Interested parties may obtain a copy from the FAR Secretariat. The Councils will consider comments from small entities concerning the affected FAR Parts 4 and 52 in accordance with 5 U.S.C. 610. Interested parties must submit such comments separately and should cite 5 U.S.C. 601, et seq. (FAC 2005–19, FAR Case 2005– 017), in correspondence. C. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the changes to the FAR do not impose information collection requirements that require the approval of the Office of Management and Budget under 44 U.S.C. 3501, et seq. E:\FR\FM\17AUR2.SGM 17AUR2 Federal Register / Vol. 72, No. 159 / Friday, August 17, 2007 / Rules and Regulations (c) Agencies must designate an official responsible for verifying contractor employee personal identity. List of Subjects in 48 CFR Parts 4 and 52 Government procurement. 4.1302 Acquisition of approved products and services for personal identity verification. Dated: July 30, 2007. Al Matera, Acting Director, Contract Policy Division. Therefore, DoD, GSA, and NASA amend 48 CFR parts 4 and 52 as set forth below: I 1. The authority citation for 48 CFR parts 4 and 52 continues to read as follows: I Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 U.S.C. 2473(c). PART 4—ADMINISTRATIVE MATTERS 2. Revise subpart 4.13 to read as follows: I Subpart 4.13—Personal Identity Verification Sec. 4.1300 Scope of subpart. 4.1301 Policy. 4.1302 Acquisition of approved products and services for personal identity verification. 4.1303 Contract clause. Subpart 4.13—Personal Identity Verification 4.1300 Scope of subpart. This subpart provides policy and procedures associated with Personal Identity Verification as required by— (a) Federal Information Processing Standards Publication (FIPS PUB) Number 201, ‘‘Personal Identity Verification of Federal Employees and Contractors’’; and (b) Office of Management and Budget (OMB) Guidance M–05–24, dated August 5, 2005, ‘‘Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors.’’ sroberts on PROD1PC70 with RULES 4.1301 Policy. (a) Agencies must follow FIPS PUB Number 201 and the associated OMB implementation guidance for personal identity verification for all affected contractor and subcontractor personnel when contract performance requires contractors to have routine physical access to a Federally-controlled facility and/or routine access to a Federallycontrolled information system. (b) Agencies must include their implementation of FIPS PUB 201 and OMB Guidance M–05–24 in solicitations and contracts that require the contractor to have routine physical access to a Federally-controlled facility and/or routine access to a Federallycontrolled information system. VerDate Aug<31>2005 16:40 Aug 16, 2007 Jkt 211001 (a) In order to comply with FIPS PUB 201, agencies must purchase only approved personal identity verification products and services. (b) Agencies may acquire the approved products and services from the GSA, Federal Supply Schedule 70, Special Item Number (SIN) 132–62, HSPD–12 Product and Service Components, in accordance with ordering procedures outlined in FAR Subpart 8.4. (c) When acquiring personal identity verification products and services not using the process in paragraph (b) of this section, agencies must ensure that the applicable products and services are approved as compliant with FIPS PUB 201 including— (1) Certifying the products and services procured meet all applicable Federal standards and requirements; (2) Ensuring interoperability and conformance to applicable Federal standards for the lifecycle of the components; and (3) Maintaining a written plan for ensuring ongoing conformance to applicable Federal standards for the lifecycle of the components. (d) For more information on personal identity verification products and services see https:// www.idmanagement.gov. 4.1303 Contract clause. The contracting officer shall insert the clause at 52.204–9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have routine physical access to a Federally-controlled facility and/or routine access to a Federallycontrolled information system. The clause shall not be used when contractors require only intermittent access to Federally-controlled facilities. PART 52—SOLICITATION PROVISIONS AND CONTRACT CLAUSES 3. Amend section 52.204–9 by— a. Removing from the introductory text of the clause ‘‘4.1301’’ and adding ‘‘4.1303’’ in its place; I b. Revising the date of clause to read ‘‘(SEP 2007)’’; and I c. Removing from paragraph (a) ‘‘as amended,’’ and ‘‘,as amended’’. I I [FR Doc. 07–3795 Filed 8–16–07; 8:45 am] BILLING CODE 6820–EP–S PO 00000 Frm 00013 Fmt 4701 Sfmt 4700 46335 DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 48 CFR Parts 12, 22 and 52 [FAC 2005–19; FAR Case 2005–012; Item V; Docket 2006–0020; Sequence 1] RIN 9000–AK31 Federal Acquisition Regulation; FAR Case 2005–012, Combating Trafficking in Persons (Revised Interim Rule) Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Interim rule with request for comments. AGENCIES: SUMMARY: The Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) have agreed on an interim rule amending the Federal Acquisition Regulation (FAR) to implement 22 U.S.C. 7104(g). This statute requires that contracts must include a provision that authorizes the department or agency to terminate the contract, if the contractor or any subcontractor engages in trafficking in persons. This interim rule contains a clause to be used in all contracts. Effective Date: August 17, 2007. Comment Date: Interested parties should submit written comments to the FAR Secretariat on or before October 16, 2007 to be considered in the formulation of a final rule. ADDRESSES: Submit comments identified by FAC 2005–19, FAR case 2005–012, by any of the following methods: • Federal eRulemaking Portal:https:// www.regulations.gov. Search for any document by first selecting the proper document types and selecting ‘‘Federal Acquisition Regulation’’ as the agency of choice. At the ‘‘Keyword’’ prompt, type in the FAR case number (for example, FAR Case 2006–001) and click on the ‘‘Submit’’ button. Please include your name and company name (if any) inside the document. You may also search for any document by clicking on the ‘‘Advanced search/document search’’ tab at the top of the screen, selecting from the agency field ‘‘Federal Acquisition Regulation’’, and typing the FAR case number in the keyword field. Select the ‘‘Submit’’ button. • Fax: 202–501–4067. DATES: E:\FR\FM\17AUR2.SGM 17AUR2

Agencies

[Federal Register Volume 72, Number 159 (Friday, August 17, 2007)]
[Rules and Regulations]
[Pages 46333-46335]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-3795]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

GENERAL SERVICES ADMINISTRATION

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Parts 4 and 52

[FAC 2005-19; FAR Case 2005-017; Item IV; Docket 2006-0020; Sequence 6]
RIN 9000-AK53


Federal Acquisition Regulation; FAR Case 2005-017, Requirement to 
Purchase Approved Authentication Products and Services

AGENCIES: Department of Defense (DoD), General Services Administration 
(GSA), and National Aeronautics and Space Administration (NASA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Civilian Agency Acquisition Council and the Defense 
Acquisition Regulations Council (Councils) have agreed on a final rule 
amending the Federal Acquisition Regulation (FAR) to address the 
acquisition of products and services for personal identity verification 
that comply with requirements in Homeland Security Presidential 
Directive (HSPD) 12, ``Policy for a Common Identification Standard for 
Federal Employees and Contractors,'' and Federal Information Processing 
Standards Publication (FIPS PUB) 201, ``Personal Identity Verification 
of Federal Employees and Contractors.''

DATES:  Effective Date: September 17, 2007.

FOR FURTHER INFORMATION CONTACT: For clarification of content, contact 
Mr. Michael Jackson, Procurement Analyst, at (202) 208-4949. Please 
cite FAC 2005-19, FAR case 2005-017. For information pertaining to 
status or publication schedules, contact the FAR Secretariat at (202) 
501-4755.

SUPPLEMENTARY INFORMATION:

A. Background

    This final rule amends the Federal Acquisition Regulation to 
address the acquisition of products and services.
    DoD, GSA, and NASA published a proposed rule in the Federal 
Register at 71 FR 49405 on August 23, 2006. The Councils received no 
comments on the proposed rule. Therefore, the Councils have adopted the 
proposed rule as a final rule with minor editorial and baseline 
changes.
    Increasingly, contractors are required to have physical access to 
Federally-

[[Page 46334]]

controlled facilities and information systems in the performance of 
Government contracts. On August 27, 2004, in response to the general 
threat of unauthorized access to physical facilities and information 
systems, the President issued Homeland Security Presidential Directive 
(HSPD) 12. The primary objectives of HSPD-12 are to establish a process 
to enhance security, increase Government efficiency, reduce identity 
fraud, and protect personal privacy by establishing a mandatory, 
Government-wide standard for secure and reliable forms of 
identification issued by the Federal Government to its employees and 
contractors. In accordance with HSPD-12, the Secretary of Commerce 
issued on February 25, 2005, Federal Information Processing Standards 
Publication (FIPS PUB) 201, Personal Identity Verification of Federal 
Employees and Contractors, to establish a Governmentwide standard for 
secure and reliable forms of identification for Federal and contractor 
employees. FIPS PUB 201 is available at https://csrc.nist.gov/
publications/fips/. The Office of Management and Budget (OMB) 
associated guidance, M-05-24, dated August 5, 2005, can be found at 
https://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf.
    In accordance with requirements in HSPD-12 and OMB Memorandum M-05-
24, agencies--
    (a) Must issue and require the use of identity credentials that are 
compliant with the technical requirements of FIPS PUB 201 and 
associated guidance issued by the National Institute for Standards and 
Technology in the areas of personal authentication, access controls and 
card management; and
    (b) May acquire authentication products and services that are 
approved to be compliant with the FIPS PUB 201 through Special Item 
Number (SIN) 132-62, HSPD-12 Product and Service Components, made 
available by GSA under Federal Supply Schedule 70. GSA has developed an 
informational website (https://www.idmanagement.gov/) that will provide 
a one-stop shop for citizens, businesses, and government entities 
interested in identity management activities. The site provides 
information on HSPD-12 and eAuthentication acquisition vehicles and 
processes.
    The rule amends the FAR by revising FAR Subpart 4.13 by adding two 
new sections on the scope of the subpart, and the acquisition of 
approved products and services; the existing subpart sections are 
revised and renumbered.
    This is not a significant regulatory action and, therefore, was not 
subject to review under Section 6(b) of Executive Order 12866, 
Regulatory Planning and Review, dated September 30, 1993. This rule is 
not a major rule under 5 U.S.C. 804.

B. Regulatory Flexibility Act

    The changes may have a significant economic impact on a substantial 
number of small entities within the meaning of the Regulatory 
Flexibility Act, 5 U.S.C. 601, et seq., because HSPD-12 requires 
agencies to procure Personal Identity Verification (PIV) products and 
services that comply with the Federal Information Processing Standards 
Publication (FIPS PUB) 201 standard. NIST has established the NIST 
Personal Identity Verification Program (NPIVP) (https://csrc.nist.gov/
npivp) to validate PIV components and subsystems required by FIPS PUB 
201 that meet the NPIVP requirements. The validation tests are 
performed by third party laboratories that are accredited through 
NIST's National Voluntary Laboratory Accreditation Program.
    Vendors are required to obtain validation testing and certification 
from an accredited laboratory. The testing is performed on a fee basis. 
The number and extent of testing will depend on the nature of the 
product or service being tested. The test protocols are still under 
development. The impact on small entities will, therefore, be variable 
depending on the nature of the product/service being validated. These 
standards and testing policies may affect small business concerns in 
terms of their ability to compete and win Federal contracts. The extent 
of the effect and impact on small business concerns is unknown and will 
vary by product and service due to the wide variances among product and 
service functionality and design.
    The Regulatory Flexibility Act, 5 U.S.C. 601, et seq., applies to 
this final rule. The Councils prepared a Final Regulatory Flexibility 
Analysis (FRFA), and it is summarized as follows:
    1. Succinct statement of the need for, and the objectives of, 
the rule.
    The rule implements the provisions of HSPD-12 that require 
agencies to purchase PIV products and services that are approved to 
comply with the FIPS PUB 201 standard and that are interoperable 
among agencies.
    2. Summary of the significant issues raised by the public 
comments in response to the initial regulatory flexibility analysis, 
a summary of the assessment of the agency of such issues, and a 
statement of any changes made in the proposed rule as a result of 
such comments.
    This final rule amends the Federal Acquisition Regulation to 
implement the provisions of Homeland Security Presidential Directive 
12 (HSPD-12) and Federal Information Processing Standards 
Publication Number 201(FIPS PUB 201). The DAR Council and the CAAC 
published a proposed rule in the Federal Register at 71 FR 49405, 
August 23, 2006. Public comments were due on or before October 23, 
2006, to be considered in the formulation of the final rule. No 
public comments were received.
    3. Description of and an estimate of the number of small 
entities to which the rule will apply or an explanation of why no 
such estimate is available.
    The FAR rule requires that agencies acquire PIV products and 
services that comply with the FIPS PUB 201 standard. The impact on 
small entities will, therefore, vary depending on the approval 
process for vendor products and services.
    4. Description of the projected reporting, recordkeeping and 
other compliance requirements of the rule, including an estimate of 
the classes of small entities which will be subject to the 
requirement and the type of professional skills necessary for 
preparation of the report or record.
    The rule does not impose any new reporting, recordkeeping, or 
compliance requirements.
    5. Description of the steps the agency has taken to minimize the 
significant economic impact on small entities consistent with the 
stated objectives of applicable statutes, including a statement of 
the factual, policy, and legal reasons for selecting the alternative 
adopted in the final rule and why each one of the other significant 
alternatives to the rule considered by the agency was rejected.
    Vendors are required to obtain validation testing and 
certification from an accredited laboratory. The testing is 
performed on a fee basis. The number and extent of testing will 
depend on the nature of the product or service being tested. The 
test protocols are still under development. The impact on small 
entities will, therefore, be variable depending on the nature of the 
product/service being validated. These standards and testing 
policies may affect small business concerns in terms of their 
ability to compete and win Federal contracts. The extent of the 
effect and impact on small business concerns is unknown and will 
vary by product and service due to the wide variances among product 
and service functionality and design.
    The FAR Secretariat has submitted a copy of the FRFA to the Chief 
Counsel for Advocacy of the Small Business Administration. Interested 
parties may obtain a copy from the FAR Secretariat. The Councils will 
consider comments from small entities concerning the affected FAR Parts 
4 and 52 in accordance with 5 U.S.C. 610. Interested parties must 
submit such comments separately and should cite 5 U.S.C. 601, et seq. 
(FAC 2005-19, FAR Case 2005-017), in correspondence.

C. Paperwork Reduction Act

    The Paperwork Reduction Act does not apply because the changes to 
the FAR do not impose information collection requirements that require 
the approval of the Office of Management and Budget under 44 U.S.C. 
3501, et seq.

[[Page 46335]]

List of Subjects in 48 CFR Parts 4 and 52

    Government procurement.

    Dated: July 30, 2007.
Al Matera,
Acting Director, Contract Policy Division.

0
Therefore, DoD, GSA, and NASA amend 48 CFR parts 4 and 52 as set forth 
below:
0
1. The authority citation for 48 CFR parts 4 and 52 continues to read 
as follows:

    Authority: 40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 42 
U.S.C. 2473(c).

PART 4--ADMINISTRATIVE MATTERS

0
2. Revise subpart 4.13 to read as follows:
Subpart 4.13--Personal Identity Verification
Sec.
4.1300 Scope of subpart.
4.1301 Policy.
4.1302 Acquisition of approved products and services for personal 
identity verification.
4.1303 Contract clause.

Subpart 4.13--Personal Identity Verification


4.1300   Scope of subpart.

    This subpart provides policy and procedures associated with 
Personal Identity Verification as required by--
    (a) Federal Information Processing Standards Publication (FIPS PUB) 
Number 201, ``Personal Identity Verification of Federal Employees and 
Contractors''; and
    (b) Office of Management and Budget (OMB) Guidance M-05-24, dated 
August 5, 2005, ``Implementation of Homeland Security Presidential 
Directive (HSPD) 12--Policy for a Common Identification Standard for 
Federal Employees and Contractors.''


4.1301   Policy.

    (a) Agencies must follow FIPS PUB Number 201 and the associated OMB 
implementation guidance for personal identity verification for all 
affected contractor and subcontractor personnel when contract 
performance requires contractors to have routine physical access to a 
Federally-controlled facility and/or routine access to a Federally-
controlled information system.
    (b) Agencies must include their implementation of FIPS PUB 201 and 
OMB Guidance M-05-24 in solicitations and contracts that require the 
contractor to have routine physical access to a Federally-controlled 
facility and/or routine access to a Federally-controlled information 
system.
    (c) Agencies must designate an official responsible for verifying 
contractor employee personal identity.


4.1302   Acquisition of approved products and services for personal 
identity verification.

    (a) In order to comply with FIPS PUB 201, agencies must purchase 
only approved personal identity verification products and services.
    (b) Agencies may acquire the approved products and services from 
the GSA, Federal Supply Schedule 70, Special Item Number (SIN) 132-62, 
HSPD-12 Product and Service Components, in accordance with ordering 
procedures outlined in FAR Subpart 8.4.
    (c) When acquiring personal identity verification products and 
services not using the process in paragraph (b) of this section, 
agencies must ensure that the applicable products and services are 
approved as compliant with FIPS PUB 201 including--
    (1) Certifying the products and services procured meet all 
applicable Federal standards and requirements;
    (2) Ensuring interoperability and conformance to applicable Federal 
standards for the lifecycle of the components; and
    (3) Maintaining a written plan for ensuring ongoing conformance to 
applicable Federal standards for the lifecycle of the components.
    (d) For more information on personal identity verification products 
and services see https://www.idmanagement.gov.


4.1303   Contract clause.

    The contracting officer shall insert the clause at 52.204-9, 
Personal Identity Verification of Contractor Personnel, in 
solicitations and contracts when contract performance requires 
contractors to have routine physical access to a Federally-controlled 
facility and/or routine access to a Federally-controlled information 
system. The clause shall not be used when contractors require only 
intermittent access to Federally-controlled facilities.

PART 52--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

0
3. Amend section 52.204-9 by--
0
a. Removing from the introductory text of the clause ``4.1301'' and 
adding ``4.1303'' in its place;
0
b. Revising the date of clause to read ``(SEP 2007)''; and
0
c. Removing from paragraph (a) ``as amended,'' and ``,as amended''.
[FR Doc. 07-3795 Filed 8-16-07; 8:45 am]
BILLING CODE 6820-EP-S
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.