Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud Computing, 23532-23533 [2019-10459]

Download as PDF 23532 Federal Register / Vol. 84, No. 99 / Wednesday, May 22, 2019 / Notices In compliance with the Paperwork Reduction Act of 1995, the Army & Air Force Exchange Service (Exchange) announces a proposed public information collection and seeks public comment on the provisions thereof. Comments are invited on: whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; the accuracy of the agency’s estimate of the burden of the proposed information collection; ways to enhance the quality, utility, and clarity of the information to be collected; and ways to minimize the burden of the information collection on respondents, including through the use of automated collection techniques or other forms of information technology. DATES: Consideration will be given to all comments received by July 22, 2019. ADDRESSES: You may submit comments, identified by docket number and title, by any of the following methods: • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: Department of Defense, Office of the Chief Management Officer, Directorate for Oversight and Compliance, 4800 Mark Center Drive, Mailbox #24, Suite 08D09B, Alexandria, VA 22350–1700. Instructions: All submissions received must include the agency name, docket number and title for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the internet at http:// www.regulations.gov as they are received without change, including any personal identifiers or contact information. Any associated form(s) for this collection may be located within this same electronic docket and downloaded for review/testing. Follow the instructions at http:// www.regulations.gov for submitting comments. Please submit comments on any given form identified by docket number, form number, and title. FOR FURTHER INFORMATION CONTACT: To request more information on this proposed information collection or to obtain a copy of the proposal and associated collection instruments, please write to the Army & Air Force Exchange Service, Office of the General Counsel, Compliance Division, ATTN: Teresa Schreurs, Privacy Manager, 3911 South Walton Walker Blvd., Dallas, TX 75236–1598 or call the Exchange Compliance Division at 800–967–6067. jbell on DSK3GLQ082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 17:29 May 21, 2019 Jkt 247001 SUPPLEMENTARY INFORMATION: Title; Associated Form; and OMB Number: Exchange Employee Management and Pay System; Exchange Form 1450–011 ‘‘Annuity Application,’’ Exchange Form 1450–018 ‘‘Application for Payment of Survivor Annuity,’’ Exchange Form 1700–012 ‘‘Beneficiary Designation’’, Web-based ‘‘Health/ Benefit Enrollment’’; OMB Control Number 0702–0139. Needs and Uses: The information collection requirement is necessary to administer a number of different benefits and pay to eligible Exchange associates, former associates (retirees), their dependents, beneficiaries, spouses, and ex-spouses. This includes collecting data needed to provide and administer pay, salary and retirement entitlements. Affected Public: Individuals or Households and Federal Government. Annual Burden Hours: 7,755. Number of Respondents: 10,340. Responses per Respondent: 1. Annual Responses: 10,340. Average Burden per Response: 45 minutes. Frequency: On occasion. Respondents are active, former/retired or terminated Exchange personnel, including family members, beneficiaries and survivors. Respondents provide Annuity Application, Survivor annuity and may provide the Beneficiary Designation manually. Other benefits such as enrollment in health coverage, beneficiary designation, and retirement options are done so primarily through electronic means. Health, and 401(k) retirement collections are maintained by the service provider. Dated: May 17, 2019. Aaron Siegel, Alternate OSD Federal Register Liaison Officer, Department of Defense. [FR Doc. 2019–10713 Filed 5–21–19; 8:45 am] BILLING CODE 5001–06–P DEPARTMENT OF DEFENSE Defense Acquisition Regulations System [Docket Number DARS–2019–0020; OMB Control Number 0704–0478] Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud Computing Defense Acquisition Regulations System, Department of Defense (DoD). ACTION: Notice and request for comments regarding a proposed AGENCY: PO 00000 Frm 00011 Fmt 4703 Sfmt 4703 extension of an approved information collection requirement. In compliance with section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995, DoD announces the proposed extension of a public information collection requirement and seeks public comment on the provisions thereof. DoD invites comments on: Whether the proposed collection of information is necessary for the proper performance of the functions of DoD, including whether the information will have practical utility; the accuracy of the estimate of the burden of the proposed information collection; ways to enhance the quality, utility, and clarity of the information to be collected; and ways to minimize the burden of the information collection on respondents, including the use of automated collection techniques or other forms of information technology. The Office of Management and Budget (OMB) has approved this information collection for use through July 31, 2019. DoD proposes that OMB extend its approval for use for three additional years beyond the current expiration date. DATES: DoD will consider all comments received by July 22, 2019. ADDRESSES: You may submit comments, identified by OMB Control Number 0704–0478, using any of the following methods: Æ Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. Æ Email: osd.dfars@mail.mil. Include OMB Control Number 0704–0478 in the subject line of the message. Æ Fax: 571–372–6094. Æ Mail: Defense Acquisition Regulations System, Attn: Ms. Kimberly Ziegler, OUSD(A&S)DPC(DARS), 3060 Defense Pentagon, Room 3B941, Washington, DC 20301–3060. Comments received generally will be posted without change to http:// www.regulations.gov, including any personal information provided. FOR FURTHER INFORMATION CONTACT: Ms. Kimberly Ziegler, at 571- 372–6095. SUPPLEMENTARY INFORMATION: Title, Associated Form, and OMB Number: Safeguarding Covered Defense Information, Cyber Incident Reporting, and Cloud Computing; OMB Control Number 0704–0478. Needs and Uses: Offerors and contractors must report cyber incidents on unclassified networks or information systems, within cloud computing services, and when they affect contractors designated as providing operationally critical support, as required by statute. SUMMARY: E:\FR\FM\22MYN1.SGM 22MYN1 23533 Federal Register / Vol. 84, No. 99 / Wednesday, May 22, 2019 / Notices a. The clause at DFARS 252.204– 7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, covers cyber incident reporting requirements for incidents that affect a covered contractor information system or the covered defense information residing therein, or that affects the contractor’s ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract. b. DFARS provision 252.204–7008, Compliance with Safeguarding Covered Defense Information Controls, requires an offeror that proposes to vary from any of the security controls of National Institute of Standards and Technology (NIST) Special Publication (SP) 800–171 in effect at the time the solicitation is issued to submit to the contracting officer a written explanation of how the specified security control is not applicable or an alternative control or protective measure is used to achieve equivalent protection. c. DFARS provision 252.239–7009, Representation of Use of Cloud Computing, requires contractors to report that they ‘‘anticipate’’ or ‘‘do not anticipate’’ utilizing cloud computing service in performance of the resultant contract. The representation will notify contracting officers of the applicability of the cloud computing requirements at DFARS clause 252.239–7010 of the contract. d. DFARS clause 252.239–7010, Cloud Computing Services, requires reporting of cyber incidents that occur when DoD is purchasing cloud computing services. These DFARS provisions and clauses facilitate mandatory cyber incident reporting requirements in accordance with statutory regulations. When reports are submitted, DoD will analyze the reported information for cyber threats and vulnerabilities in order to develop jbell on DSK3GLQ082PROD with NOTICES State or territory ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA ALASKA .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... .......................................... VerDate Sep<11>2014 17:29 May 21, 2019 response measures as well as improve U.S. Government understanding of advanced cyber threat activity. In addition, the security requirements in NIST SP 800–171 are specifically tailored for use in protecting sensitive information residing in contractor information systems and generally reduce the burden placed on contractors by eliminating Federal-centric processes and requirements. The information provided will inform the Department in assessing the overall risk to DoD covered defense information on unclassified contractor systems and networks. Affected Public: Businesses or other for-profit and not-for-profit institutions. Respondent’s Obligation: Required to obtain or retain benefits. Number of Respondents: 2,017. Responses per Respondent: Approximately 17.35. Annual Responses: 34,974. Average Burden per Response: .29 hours. Annual Burden Hours: 10,071. Frequency: On occasion. Jennifer Lee Hawes, Regulatory Control Officer, Defense Acquisition Regulations System. [FR Doc. 2019–10459 Filed 5–21–19; 8:45 am] BILLING CODE 5001–06–P DEPARTMENT OF DEFENSE Office of the Secretary Revised Non-Foreign Overseas Per Diem Rates Defense Human Resources Activity, Policy and Regulations Branch, Defense Travel Management Office, DoD. ACTION: Notice of revised per diem rates in non-foreign areas outside the contiguous U.S. AGENCY: Season start Locality [OTHER] ............................................... ADAK ................................................... ANCHORAGE [INCL NAV RES] ......... ANCHORAGE [INCL NAV RES] ......... BARROW ............................................. BARROW ............................................. BARTER ISLAND LRRS ...................... BETHEL ............................................... BETTLES ............................................. CAPE LISBURNE LRRS ..................... CAPE NEWENHAM LRRS .................. CAPE ROMANZOF LRRS ................... CLEAR AB ........................................... COLD BAY ........................................... COLD BAY LRRS ................................ COLDFOOT ......................................... COPPER CENTER .............................. CORDOVA ........................................... CRAIG .................................................. CRAIG .................................................. Jkt 247001 PO 00000 Frm 00012 Fmt 4703 Season end 01/01 01/01 05/01 09/01 05/15 09/15 01/01 01/01 01/01 01/01 01/01 01/01 01/01 01/01 01/01 01/01 01/01 01/01 05/01 10/01 Sfmt 4703 12/31 12/31 08/31 04/30 09/14 05/14 12/31 12/31 12/31 12/31 12/31 12/31 12/31 12/31 12/31 12/31 12/31 12/31 09/30 04/30 The Defense Travel Management Office publishes this Civilian Personnel Per Diem Bulletin Number 309. Bulletin Number 309 lists current per diem rates prescribed for reimbursement of subsistence expenses while on official Government travel to Alaska, Hawaii, the Commonwealth of Puerto Rico, and the possessions of the United States. The Fiscal Year (FY) 2019 per diem rate review for Alaska resulted in lodging and meal rate changes in certain locations. SUMMARY: DATES: Effective Date: June 1, 2019. FOR FURTHER INFORMATION CONTACT: Mr. Scott Laws, 571–372–1282. This notice notifies the public of revisions in per diem rates prescribed by the Defense Travel Management Office for travel to non-foreign areas outside the contiguous United States. The FY 2019 per diem rate review for Alaska resulted in lodging, meal and incidental rate changes in certain locations. Bulletin Number 309 is published in the Federal Register to ensure that Government travelers outside the Department of Defense are notified of revisions to the current reimbursement rates. If you believe the lodging, meal or incidental allowance rate for a locality listed in the following table is insufficient, you may request a rate review for that location. For more information about how to request a review, please see DTMO’s Per Diem Rate Review Frequently Asked Questions (FAQ) page at https:// www.defensetravel.dod.mil/site/ faqraterev.cfm. SUPPLEMENTARY INFORMATION: Dated: May 17, 2019. Aaron T. Siegel, Alternate OSD Federal Register Liaison Officer, Department of Defense. Lodging M&IE 161 161 229 199 320 265 161 219 161 161 161 161 161 161 161 161 161 140 139 109 E:\FR\FM\22MYN1.SGM 113 117 125 125 129 129 113 101 113 113 113 113 113 113 113 93 115 106 94 94 22MYN1 Total per diem 274 278 354 324 449 394 274 320 * 274 274 274 274 274 274 274 254 276 246 233 203 Effective date 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019 06/01/2019

Agencies

[Federal Register Volume 84, Number 99 (Wednesday, May 22, 2019)]
[Notices]
[Pages 23532-23533]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-10459]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Acquisition Regulations System

[Docket Number DARS-2019-0020; OMB Control Number 0704-0478]


Information Collection Requirement; Defense Federal Acquisition 
Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud 
Computing

AGENCY: Defense Acquisition Regulations System, Department of Defense 
(DoD).

ACTION: Notice and request for comments regarding a proposed extension 
of an approved information collection requirement.

-----------------------------------------------------------------------

SUMMARY: In compliance with section 3506(c)(2)(A) of the Paperwork 
Reduction Act of 1995, DoD announces the proposed extension of a public 
information collection requirement and seeks public comment on the 
provisions thereof. DoD invites comments on: Whether the proposed 
collection of information is necessary for the proper performance of 
the functions of DoD, including whether the information will have 
practical utility; the accuracy of the estimate of the burden of the 
proposed information collection; ways to enhance the quality, utility, 
and clarity of the information to be collected; and ways to minimize 
the burden of the information collection on respondents, including the 
use of automated collection techniques or other forms of information 
technology. The Office of Management and Budget (OMB) has approved this 
information collection for use through July 31, 2019. DoD proposes that 
OMB extend its approval for use for three additional years beyond the 
current expiration date.

DATES: DoD will consider all comments received by July 22, 2019.

ADDRESSES: You may submit comments, identified by OMB Control Number 
0704-0478, using any of the following methods:
    [cir] Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
    [cir] Email: [email protected]. Include OMB Control Number 0704-
0478 in the subject line of the message.
    [cir] Fax: 571-372-6094.
    [cir] Mail: Defense Acquisition Regulations System, Attn: Ms. 
Kimberly Ziegler, OUSD(A&S)DPC(DARS), 3060 Defense Pentagon, Room 
3B941, Washington, DC 20301-3060.
    Comments received generally will be posted without change to http://www.regulations.gov, including any personal information provided.

FOR FURTHER INFORMATION CONTACT: Ms. Kimberly Ziegler, at 571- 372-
6095.

SUPPLEMENTARY INFORMATION:
    Title, Associated Form, and OMB Number: Safeguarding Covered 
Defense Information, Cyber Incident Reporting, and Cloud Computing; OMB 
Control Number 0704-0478.
    Needs and Uses: Offerors and contractors must report cyber 
incidents on unclassified networks or information systems, within cloud 
computing services, and when they affect contractors designated as 
providing operationally critical support, as required by statute.

[[Page 23533]]

    a. The clause at DFARS 252.204-7012, Safeguarding Covered Defense 
Information and Cyber Incident Reporting, covers cyber incident 
reporting requirements for incidents that affect a covered contractor 
information system or the covered defense information residing therein, 
or that affects the contractor's ability to perform the requirements of 
the contract that are designated as operationally critical support and 
identified in the contract.
    b. DFARS provision 252.204-7008, Compliance with Safeguarding 
Covered Defense Information Controls, requires an offeror that proposes 
to vary from any of the security controls of National Institute of 
Standards and Technology (NIST) Special Publication (SP) 800-171 in 
effect at the time the solicitation is issued to submit to the 
contracting officer a written explanation of how the specified security 
control is not applicable or an alternative control or protective 
measure is used to achieve equivalent protection.
    c. DFARS provision 252.239-7009, Representation of Use of Cloud 
Computing, requires contractors to report that they ``anticipate'' or 
``do not anticipate'' utilizing cloud computing service in performance 
of the resultant contract. The representation will notify contracting 
officers of the applicability of the cloud computing requirements at 
DFARS clause 252.239-7010 of the contract.
    d. DFARS clause 252.239-7010, Cloud Computing Services, requires 
reporting of cyber incidents that occur when DoD is purchasing cloud 
computing services.
    These DFARS provisions and clauses facilitate mandatory cyber 
incident reporting requirements in accordance with statutory 
regulations. When reports are submitted, DoD will analyze the reported 
information for cyber threats and vulnerabilities in order to develop 
response measures as well as improve U.S. Government understanding of 
advanced cyber threat activity. In addition, the security requirements 
in NIST SP 800-171 are specifically tailored for use in protecting 
sensitive information residing in contractor information systems and 
generally reduce the burden placed on contractors by eliminating 
Federal-centric processes and requirements. The information provided 
will inform the Department in assessing the overall risk to DoD covered 
defense information on unclassified contractor systems and networks.
    Affected Public: Businesses or other for-profit and not-for-profit 
institutions.
    Respondent's Obligation: Required to obtain or retain benefits.
    Number of Respondents: 2,017.
    Responses per Respondent: Approximately 17.35.
    Annual Responses: 34,974.
    Average Burden per Response: .29 hours.
    Annual Burden Hours: 10,071.
    Frequency: On occasion.

Jennifer Lee Hawes,
Regulatory Control Officer, Defense Acquisition Regulations System.
[FR Doc. 2019-10459 Filed 5-21-19; 8:45 am]
 BILLING CODE 5001-06-P