Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud Computing; Submission for OMB Review; Comment Request, 36905-36907 [2019-16149]

Download as PDF Federal Register / Vol. 84, No. 146 / Tuesday, July 30, 2019 / Notices and recommendations to the Executive Director of the U.S. Army Center of Military History and to the Secretary of the Army. Agenda: August 15–16: The subcommittee is chartered to provide independent advice and recommendations to the Secretary of the Army on the educational, doctrinal, and research policies and activities of U.S. Army educational programs. At this meeting the subcommittee will review the Army historical program and discuss ways to improve the provision of historical support to the Army. The subcommittee will also discuss ways to increase cooperation between the historical and military professions in advancing the purpose of the Army Historical Program and furthering the mission of the U.S. Army Center of Military History to promote the study and use of military history in both civilian and military schools. Public Accessibility to the Meeting: Pursuant to 5 U.S.C. 552b, as amended, and 41 CFR 102–3.140 through 102– 3.165, and subject to the availability of space, this meeting is open to the public. Seating is on a first to arrive basis. Attendees are requested to submit their name, affiliation, and daytime phone number seven business days prior to the meeting to Mr. Crecca, via electronic mail, the preferred mode of submission, at the address listed in the jspears on DSK3GMQ082PROD with NOTICES FOR FURTHER INFORMATION CONTACT section. Members of the public attending the subcommittee meetings will not be permitted to present questions from the floor or speak to any issue under consideration by the subcommittee. Because the meeting of the subcommittee will be held in a Federal Government facility on a military post, security screening is required. A photo ID is required to enter post. Please note that security and gate guards have the right to inspect vehicles and persons seeking to enter and exit the installation. The Fort Eustis Club is fully handicapped accessible. Wheelchair access is available in front at the main entrance of the building. For additional information about public access procedures, contact Mr. Crecca, the subcommittee’s Alternate Designated Federal Officer, at the email address or telephone number listed in the FOR FURTHER INFORMATION CONTACT section. Written Comments or Statements: Pursuant to 41 CFR 102–3.105(j) and 102–3.140 and section 10(a)(3) of the Federal Advisory Committee Act, the public or interested organizations may submit written comments or statements to the subcommittee, in response to the VerDate Sep<11>2014 16:42 Jul 29, 2019 Jkt 247001 stated agenda of the open meeting or in regard to the subcommittee’s mission in general. Written comments or statements should be submitted to Mr. Crecca, the subcommittee Alternate Designated Federal Officer, via electronic mail, the preferred mode of submission, at the address listed in the FOR FURTHER INFORMATION CONTACT section. Each page of the comment or statement must include the author’s name, title or affiliation, address, and daytime phone number. The Alternate Designated Federal Officer will review all submitted written comments or statements. Written comments or statements being submitted in response to the agenda set forth in this notice must be received by the Alternate Designated Federal Officer at least seven business days prior to the meeting to be considered by the subcommittee. Written comments or statements received after this date may not be provided to the subcommittee until its next meeting. Pursuant to 41 CFR 102–3.140d, the subcommittee is not obligated to allow a member of the public to speak or otherwise address the subcommittee during the meeting. Members of the public will be permitted to make verbal comments during the subcommittee meeting only at the time and in the manner described below. If a member of the public is interested in making a verbal comment at the open meeting, that individual must submit a request, with a brief statement of the subject matter to be addressed by the comment, at least seven business days in advance to the subcommittee’s Alternate Designated Federal Official, via electronic mail, the preferred mode of submission, at the address listed in the FOR FURTHER INFORMATION CONTACT section. The Alternate Designated Federal Officer will log each request, in the order received, and in consultation with the Subcommittee Chair, determine whether the subject matter of each comment is relevant to the Subcommittee’s mission and/or the topics to be addressed in this public meeting. A 15-minute period near the end of the meeting will be available for verbal public comments. Members of the public who have requested to make a verbal comment and whose comments have been deemed relevant under the process described above, will be allotted no more than three minutes during the period, and will be invited to speak in the order in which their requests were PO 00000 Frm 00022 Fmt 4703 Sfmt 4703 36905 received by the Alternate Designated Federal Officer. Brenda S. Bowen, Army Federal Register Liaison Officer. [FR Doc. 2019–16146 Filed 7–29–19; 8:45 am] BILLING CODE 5001–03–P DEPARTMENT OF DEFENSE Defense Acquisition Regulations System [Docket Number DARS–2019–0021; OMB Control Number 0704–0478] Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud Computing; Submission for OMB Review; Comment Request Defense Acquisition Regulations System, Department of Defense (DoD). ACTION: Notice. AGENCY: The Defense Acquisition Regulations System has submitted to OMB for clearance, the following proposal for collection of information under the provisions of the Paperwork Reduction Act. DATES: Consideration will be given to all comments received by August 29, 2019. SUPPLEMENTARY INFORMATION: SUMMARY: A. Title and OMB Number Safeguarding Covered Defense Information, Cyber Incident Reporting, and Cloud Computing; OMB Control Number 0704–0478. B. Needs and Uses Offerors and contractors must report cyber incidents on unclassified networks or information systems, within cloud computing services, and when they affect contractors designated as providing operationally critical support, as required by statute. C. Annual Burden Number of Respondents: 2,017. Responses per Respondent: 17.35. Annual Responses: 34,974. Average Burden per Response: .29 hours. Annual Burden Hours: 10,071. Reporting Frequency: On Occasion. Affected Public. Businesses or other for-profit and not-for-profit institutions. Respondent’s Obligation: Required to obtain or retain benefits. Frequency: On occasion. Type of Request: Renewal of a currently approved collection. E:\FR\FM\30JYN1.SGM 30JYN1 jspears on DSK3GMQ082PROD with NOTICES 36906 Federal Register / Vol. 84, No. 146 / Tuesday, July 30, 2019 / Notices D. Public Comments A 60-day notice was published in the Federal Register at 84 FR 23532 on May 22, 2019. One respondent provided four comments, which are summarized below along with responses; however, the comments did not change the estimate of the burden. Comment: To ensure proper safeguarding of contractors’ attributional/proprietary information, the respondent recommends that the contractor submitting the information be: (1) Afforded an opportunity to review and propose redactions prior to release; (2) permitted to apply protective markings to information after its submission to the Government; and (3) allotted additional time to pursue any administrative or legal remedies in the event that the Government plans to disclose information that the contractor has otherwise proposed to be withheld. Response: DFARS 252.204–7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, authorizes DoD to release information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is not created by or for DoD. It further states that: (1) The Government will protect against the unauthorized use or release of information obtained from the contractor (or derived from information obtained from the contractor) under this clause that includes contractor attributional/proprietary information; and (2) in making an authorized release of such information, the Government will implement appropriate procedures to minimize the contractor attributional/ proprietary information that is included in such authorized release, seeking to include only that information that is necessary for the authorized purpose(s) for which the information is being released. A foundational element of the mandatory reporting requirement is the recognition that the information being shared between the parties may include extremely sensitive information that requires protection. Information regarding the Government’s safeguarding of information received from the contractors that require protection can be referenced in the DoD Privacy Impact Assessment (PIA). The PIA provides detailed procedures for handling personally identifiable information (PII), attributional information about the strengths or vulnerabilities of specific covered contractor information systems, information providing a perceived or real competitive advantage on future procurement action, and contractor VerDate Sep<11>2014 16:42 Jul 29, 2019 Jkt 247001 information marked as proprietary or commercial or financial information (see OMB Control Number 0704–0489, DoD’s Defense Industrial Base (DIB) Cybersecurity (CS) Activities Cyber Incident Reporting). Additionally, 32 CFR part 236 implements mandatory information sharing requirements of 10 U.S.C. 391 and 393 by requiring DoD contractors to report key information regarding cyber incidents, and to provide access to equipment or information enabling DoD to conduct forensic analysis to determine if or how DoD information was impacted in a cyber incident. The rule’s implementation of these requirements is tailored to minimize the sharing of unnecessary information (whether sensitive or not), including by carefully tailoring the information required in the initial incident reports (32 CFR 236.4(c)), by expressly limiting the scope of the requirement to provide DoD with access to only such information that is ‘‘necessary to conduct a forensic analysis,’’ and by affirmatively requiring the Government to safeguard any contractor attributional/proprietary information that has been shared (or derived from information that has been shared) against any unauthorized access or use. In the event that the contractor believes that there is information that meets the criteria for mandatory reporting, but the contractor desires not to share that information due to its sensitivity, then the contractor should immediately raise that issue to the DoD points of contact (i.e., contracting officer, contracting officer’s representative, or requiring activity) for the contract(s) governing the activity in question. Comment: The respondent commented that the ‘‘rapidly reporting’’ requirement at DFARS 252.204– 7012(c)(1)(2) is extremely burdensome on contractors. The respondent recommends either extending the period to report or, otherwise, amending the clause to explain that the 72-hour reporting period begins to run once a contractor knows or should have known that covered defense information (CDI) was adversely impacted or it is ‘‘highly likely’’ that CDI was adversely impacted. The respondent also recommends that a medium assurance certificate need not be required for initial reporting, since this limits the person(s) within the entity who may report and may impede the ability to report within the requisite time period. Response: The contractor is required to report known or potential cyber incidents within 72 hours of discovery. Timeliness in reporting cyber incidents is a key element in cybersecurity and PO 00000 Frm 00023 Fmt 4703 Sfmt 4703 provides the clearest understanding of the cyber threat targeting DoD information. The 72-hour period has proven to be an effective balance of the need for timely reporting while recognizing the challenges inherent in the initial phases of investigating a cyber incident. Contractors should report available information within the 72-hour period and provide updates if more information becomes available. The requirement to have medium assurance certificates is important to communicate securely with DoD and to securely access DoD’s reporting website. Comment: The respondent commented that there is often ambiguity as to what is considered CDI under specific contracts, which ought to be resolved by the Government, as agency personnel are best suited to identify the CDI being provided to a contractor and make appropriate notifications. The respondent recommended that DoD develop processes and procedures for engaging with contractors on the designation of information as CDI during the solicitation process or otherwise before the contract is finalized. Response: Processes already exist for the contractor to engage with DoD personnel to request clarification regarding CDI, both during the solicitation phase and during contract performance. Comment: The respondent commented that certain commands within the Department have created contract-specific requirements mandating that contractors apply the protections and reporting requirements of DFARS 252.204–7012—including the reporting and record-keeping obligations—to categories of information much broader than CDI. The respondent recommends that commercial-item contractors and contractors that do not possess CDI, regardless of contractspecific cybersecurity requirements, be exempt from the reporting and recordkeeping requirements. The respondent further suggests that agencies be required to obtain approval from a centralized office within the Department and to explain the basis for requiring protections in excess of what is required by DFARS 252.204–7012. Response: Covered defense information is a term used to identify information that requires protection under DFARS clause 252.204–7012 that means unclassified controlled technical information or other information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies. When the acquisition of commercial items or services involves E:\FR\FM\30JYN1.SGM 30JYN1 Federal Register / Vol. 84, No. 146 / Tuesday, July 30, 2019 / Notices covered defense information, DFARS clause 252.204–7012 and any additional contract-specific cybersecurity requirements incorporated by the requiring activity will apply to both the solicitation and resulting contract. DFARS 252.204–7012 requires the contractor to provide adequate security on any unclassified information system that is owned, or operated by or for, the contractor and that processes, stores, or transmits covered defense information. Covered defense information, when provided to the contractor, by or on behalf of DoD in support of the performance of the contract, must be marked or otherwise identified in the contract, task order, or delivery order. If a contractor has reason to question whether the information requires protection under this clause, the contractor should consult with the cognizant contracting officer for clarification. DoD agencies follow the Department’s policies for information protection contained in DoD Manual (DoDM) 5200.01 Vol 4, DoD Information Security Program: CUI, and in DoD Instruction (DoDI) 5230.24, Distribution Statements on Technical Documents. As these policies have been in place for several years, the Department does not require a centralized office to oversee their execution. E. Desk Officer Comments and recommendations on the proposed information collection should be sent to Ms. Jasmeet Seehra, DoD Desk Officer, at Oira_submission@ omb.eop.gov. Please identify the proposed information collection by DoD Desk Officer and the Docket ID number and title of the information collection. You may also submit comments, identified by docket number and title, to: Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. F. DoD Clearance Officer jspears on DSK3GMQ082PROD with NOTICES Ms. Angela James. Written requests for copies of the information collection proposal should be sent to Ms. James at whs.mc-alex.esd.mbx.dd-dodinformation-collections@mail.mil. Jennifer Lee Hawes, Regulatory Control Officer, Defense Acquisition Regulations System. [FR Doc. 2019–16149 Filed 7–29–19; 8:45 am] BILLING CODE 5001–06–P VerDate Sep<11>2014 16:42 Jul 29, 2019 Jkt 247001 DEPARTMENT OF EDUCATION Applications for New Awards; Technical Assistance and Dissemination To Improve Services and Results for Children With Disabilities—Planning Grants for Increasing Instructional Time and Reducing Administrative Burdens Office of Special Education and Rehabilitative Services, Department of Education. ACTION: Notice; correction. AGENCY: On July 15, 2019, we published in the Federal Register a notice inviting applications (NIA) for new awards for fiscal year (FY) 2019 for Technical Assistance and Dissemination To Improve Services and Results for Children With Disabilities—Planning Grants for Increasing Instructional Time and Reducing Administrative Burdens program, Catalog of Federal Domestic Assistance (CFDA) number 84.326A. The NIA published with the incorrect application period, which should be 45 days instead of 30. We are also correcting the award size, which should be a range from $150,000 to $250,000, which updates the estimated number of awards from 10 to a range of 6 to 10. DATES: This correction is applicable July 30, 2019. FOR FURTHER INFORMATION CONTACT: David Egnor, U.S. Department of Education, 400 Maryland Avenue SW, Room 5163, Potomac Center Plaza, Washington, DC 20202–5108. Telephone: (202) 245–7334. Email: David.Egnor@ed.gov. If you use a telecommunications device for the deaf (TDD) or a text telephone (TTY), call the Federal Relay Service (FRS), toll free, at 1–800–877– 8339. SUMMARY: On July 15, 2019, we published in the Federal Register an NIA for new awards for FY 2019 for Technical Assistance and Dissemination To Improve Services and Results for Children With Disabilities— Planning Grants for Increasing Instructional Time and Reducing Administrative Burdens (84 FR 33762). In the NIA, an error was made regarding the application period, which should be 45 days instead of 30. With this correction, the deadline for transmittal of applications is August 29, 2019. In addition, we are correcting the award size from $150,000 to a range between $150,000 to $250,000. This correction to the award size is necessary because planning costs may vary from State to State. Consequently, the estimated number of awards are corrected from 10 SUPPLEMENTARY INFORMATION: PO 00000 Frm 00024 Fmt 4703 Sfmt 9990 36907 to a range of 6 to 10. Applicants are not limited to a maximum award size of $150,000 for a project period of 12 months. Corrections In FR Doc. 2019–14890 appearing on page 33762 in the Federal Register on July 15, 2019, the following corrections are made: 1. On page 33762, under DATES at the bottom of the middle column, we are revising the Deadline for Transmittal of Applications so that the date reads as follows: August 29, 2019. 2. On page 33764, in section II. Award Information, in the right column, we are revising Maximum Award to read as follows: Award Size: We recognize that planning costs may vary from State to State and anticipate awarding planning grants that range from $150,000 to $250,000 for a single budget period of 12 months. 3. On page 33764, in section II. Award Information, in the right column, we are revising Estimated Number of Awards to read as follows: Estimated Number of Awards: 6–10. Program Authority: 20 U.S.C. 1463 and 1481. Accessible Format: Individuals with disabilities can obtain this document and a copy of the application package in an accessible format (e.g., Braille, large print, audiotape, or compact disc) on request to the program contact person listed under FOR FURTHER INFORMATION CONTACT. Electronic Access to This Document: The official version of this document is the document published in the Federal Register. You may access the official edition of the Federal Register and the Code of Federal Regulations at www.govinfo.gov. At this site you can view this document, as well as all other documents of this Department published in the Federal Register, in text or Portable Document Format (PDF). To use PDF you must have Adobe Acrobat Reader, which is available free at this site. You may also access documents of the Department published in the Federal Register by using the article search feature at www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department. Johnny W. Collett, Assistant Secretary for Special Education and Rehabilitative Services. [FR Doc. 2019–16135 Filed 7–29–19; 8:45 am] BILLING CODE 4000–01–P E:\FR\FM\30JYN1.SGM 30JYN1

Agencies

[Federal Register Volume 84, Number 146 (Tuesday, July 30, 2019)]
[Notices]
[Pages 36905-36907]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-16149]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Acquisition Regulations System

[Docket Number DARS-2019-0021; OMB Control Number 0704-0478]


Information Collection Requirement; Defense Federal Acquisition 
Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud 
Computing; Submission for OMB Review; Comment Request

AGENCY: Defense Acquisition Regulations System, Department of Defense 
(DoD).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Defense Acquisition Regulations System has submitted to 
OMB for clearance, the following proposal for collection of information 
under the provisions of the Paperwork Reduction Act.

DATES: Consideration will be given to all comments received by August 
29, 2019.

SUPPLEMENTARY INFORMATION:

A. Title and OMB Number

    Safeguarding Covered Defense Information, Cyber Incident Reporting, 
and Cloud Computing; OMB Control Number 0704-0478.

B. Needs and Uses

    Offerors and contractors must report cyber incidents on 
unclassified networks or information systems, within cloud computing 
services, and when they affect contractors designated as providing 
operationally critical support, as required by statute.

C. Annual Burden

    Number of Respondents: 2,017.
    Responses per Respondent: 17.35.
    Annual Responses: 34,974.
    Average Burden per Response: .29 hours.
    Annual Burden Hours: 10,071.
    Reporting Frequency: On Occasion.
    Affected Public. Businesses or other for-profit and not-for-profit 
institutions.
    Respondent's Obligation: Required to obtain or retain benefits.
    Frequency: On occasion.
    Type of Request: Renewal of a currently approved collection.

[[Page 36906]]

D. Public Comments

    A 60-day notice was published in the Federal Register at 84 FR 
23532 on May 22, 2019. One respondent provided four comments, which are 
summarized below along with responses; however, the comments did not 
change the estimate of the burden.
    Comment: To ensure proper safeguarding of contractors' 
attributional/proprietary information, the respondent recommends that 
the contractor submitting the information be: (1) Afforded an 
opportunity to review and propose redactions prior to release; (2) 
permitted to apply protective markings to information after its 
submission to the Government; and (3) allotted additional time to 
pursue any administrative or legal remedies in the event that the 
Government plans to disclose information that the contractor has 
otherwise proposed to be withheld.
    Response: DFARS 252.204-7012, Safeguarding Covered Defense 
Information and Cyber Incident Reporting, authorizes DoD to release 
information that is obtained from the contractor (or derived from 
information obtained from the contractor) under this clause that is not 
created by or for DoD. It further states that: (1) The Government will 
protect against the unauthorized use or release of information obtained 
from the contractor (or derived from information obtained from the 
contractor) under this clause that includes contractor attributional/
proprietary information; and (2) in making an authorized release of 
such information, the Government will implement appropriate procedures 
to minimize the contractor attributional/proprietary information that 
is included in such authorized release, seeking to include only that 
information that is necessary for the authorized purpose(s) for which 
the information is being released. A foundational element of the 
mandatory reporting requirement is the recognition that the information 
being shared between the parties may include extremely sensitive 
information that requires protection. Information regarding the 
Government's safeguarding of information received from the contractors 
that require protection can be referenced in the DoD Privacy Impact 
Assessment (PIA). The PIA provides detailed procedures for handling 
personally identifiable information (PII), attributional information 
about the strengths or vulnerabilities of specific covered contractor 
information systems, information providing a perceived or real 
competitive advantage on future procurement action, and contractor 
information marked as proprietary or commercial or financial 
information (see OMB Control Number 0704-0489, DoD's Defense Industrial 
Base (DIB) Cybersecurity (CS) Activities Cyber Incident Reporting). 
Additionally, 32 CFR part 236 implements mandatory information sharing 
requirements of 10 U.S.C. 391 and 393 by requiring DoD contractors to 
report key information regarding cyber incidents, and to provide access 
to equipment or information enabling DoD to conduct forensic analysis 
to determine if or how DoD information was impacted in a cyber 
incident. The rule's implementation of these requirements is tailored 
to minimize the sharing of unnecessary information (whether sensitive 
or not), including by carefully tailoring the information required in 
the initial incident reports (32 CFR 236.4(c)), by expressly limiting 
the scope of the requirement to provide DoD with access to only such 
information that is ``necessary to conduct a forensic analysis,'' and 
by affirmatively requiring the Government to safeguard any contractor 
attributional/proprietary information that has been shared (or derived 
from information that has been shared) against any unauthorized access 
or use. In the event that the contractor believes that there is 
information that meets the criteria for mandatory reporting, but the 
contractor desires not to share that information due to its 
sensitivity, then the contractor should immediately raise that issue to 
the DoD points of contact (i.e., contracting officer, contracting 
officer's representative, or requiring activity) for the contract(s) 
governing the activity in question.
    Comment: The respondent commented that the ``rapidly reporting'' 
requirement at DFARS 252.204-7012(c)(1)(2) is extremely burdensome on 
contractors. The respondent recommends either extending the period to 
report or, otherwise, amending the clause to explain that the 72-hour 
reporting period begins to run once a contractor knows or should have 
known that covered defense information (CDI) was adversely impacted or 
it is ``highly likely'' that CDI was adversely impacted. The respondent 
also recommends that a medium assurance certificate need not be 
required for initial reporting, since this limits the person(s) within 
the entity who may report and may impede the ability to report within 
the requisite time period.
    Response: The contractor is required to report known or potential 
cyber incidents within 72 hours of discovery. Timeliness in reporting 
cyber incidents is a key element in cybersecurity and provides the 
clearest understanding of the cyber threat targeting DoD information. 
The 72-hour period has proven to be an effective balance of the need 
for timely reporting while recognizing the challenges inherent in the 
initial phases of investigating a cyber incident. Contractors should 
report available information within the 72-hour period and provide 
updates if more information becomes available. The requirement to have 
medium assurance certificates is important to communicate securely with 
DoD and to securely access DoD's reporting website.
    Comment: The respondent commented that there is often ambiguity as 
to what is considered CDI under specific contracts, which ought to be 
resolved by the Government, as agency personnel are best suited to 
identify the CDI being provided to a contractor and make appropriate 
notifications. The respondent recommended that DoD develop processes 
and procedures for engaging with contractors on the designation of 
information as CDI during the solicitation process or otherwise before 
the contract is finalized.
    Response: Processes already exist for the contractor to engage with 
DoD personnel to request clarification regarding CDI, both during the 
solicitation phase and during contract performance.
    Comment: The respondent commented that certain commands within the 
Department have created contract-specific requirements mandating that 
contractors apply the protections and reporting requirements of DFARS 
252.204-7012--including the reporting and record-keeping obligations--
to categories of information much broader than CDI. The respondent 
recommends that commercial-item contractors and contractors that do not 
possess CDI, regardless of contract-specific cybersecurity 
requirements, be exempt from the reporting and recordkeeping 
requirements. The respondent further suggests that agencies be required 
to obtain approval from a centralized office within the Department and 
to explain the basis for requiring protections in excess of what is 
required by DFARS 252.204-7012.
    Response: Covered defense information is a term used to identify 
information that requires protection under DFARS clause 252.204-7012 
that means unclassified controlled technical information or other 
information that requires safeguarding or dissemination controls 
pursuant to and consistent with law, regulations, and Governmentwide 
policies. When the acquisition of commercial items or services involves

[[Page 36907]]

covered defense information, DFARS clause 252.204-7012 and any 
additional contract-specific cybersecurity requirements incorporated by 
the requiring activity will apply to both the solicitation and 
resulting contract. DFARS 252.204-7012 requires the contractor to 
provide adequate security on any unclassified information system that 
is owned, or operated by or for, the contractor and that processes, 
stores, or transmits covered defense information. Covered defense 
information, when provided to the contractor, by or on behalf of DoD in 
support of the performance of the contract, must be marked or otherwise 
identified in the contract, task order, or delivery order. If a 
contractor has reason to question whether the information requires 
protection under this clause, the contractor should consult with the 
cognizant contracting officer for clarification. DoD agencies follow 
the Department's policies for information protection contained in DoD 
Manual (DoDM) 5200.01 Vol 4, DoD Information Security Program: CUI, and 
in DoD Instruction (DoDI) 5230.24, Distribution Statements on Technical 
Documents. As these policies have been in place for several years, the 
Department does not require a centralized office to oversee their 
execution.

E. Desk Officer

    Comments and recommendations on the proposed information collection 
should be sent to Ms. Jasmeet Seehra, DoD Desk Officer, at 
[email protected]. Please identify the proposed information 
collection by DoD Desk Officer and the Docket ID number and title of 
the information collection.
    You may also submit comments, identified by docket number and 
title, to: Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.

F. DoD Clearance Officer

    Ms. Angela James. Written requests for copies of the information 
collection proposal should be sent to Ms. James at [email protected].

Jennifer Lee Hawes,
Regulatory Control Officer, Defense Acquisition Regulations System.
[FR Doc. 2019-16149 Filed 7-29-19; 8:45 am]
 BILLING CODE 5001-06-P