Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Assessing Contractor Implementation of Cybersecurity Requirements, 16706-16707 [2021-06571]

Download as PDF jbell on DSKJLSW7X2PROD with NOTICES 16706 Federal Register / Vol. 86, No. 60 / Wednesday, March 31, 2021 / Notices procurements conducted by or on behalf of the Japanese Ministry of Defense or Armed Forces. DATES: Comments must be received by April 30, 2021. ADDRESSES: Submit comments to Defense Pricing and Contracting, Attn: Mr. Gregory D. Snyder, 3060 Defense Pentagon, Room 3B938, Washington, DC 20301–3060; or by email to gregory.d.snyder.civ@mail.mil. FOR FURTHER INFORMATION CONTACT: Mr. Gregory D. Snyder, telephone 703–614– 0719. SUPPLEMENTARY INFORMATION: DoD has concluded a Reciprocal Defense Procurement Memorandum of Understanding (RDP MOU) with each of the 27 ‘‘qualifying’’ countries at the level of the Secretary of Defense and his counterpart. The purpose of an RDP MOU is to promote rationalization, standardization, and interoperability of conventional defense equipment with allies and other friendly governments. These RDP MOUs provide a framework for ongoing communication regarding market access and procurement matters that enhance effective defense cooperation. RDP MOUs generally include language by which the Parties agree that their defense procurements will be conducted in accordance with certain implementing procedures. These procedures relate to— • Publication of notices of proposed purchases; • The content and availability of solicitations for proposed purchases; • Notification to each unsuccessful offeror; • Feedback, upon request, to unsuccessful offerors concerning the reasons they were not allowed to participate in a procurement or were not awarded a contract; and • Provision for the hearing and review of complaints arising in connection with any phase of the procurement process to ensure that, to the extent possible, complaints are equitably and expeditiously resolved. Based on the RDP MOU, each country affords the other country certain benefits on a reciprocal basis consistent with national laws and regulations. The benefits that the United States accords to the products of qualifying countries include the following: • Offers of qualifying country end products are evaluated without applying the price differentials otherwise required by the Buy American statute and the Balance of Payments Program. • The chemical warfare protection clothing restrictions in 10 U.S.C. 2533a and the specialty metals restriction in VerDate Sep<11>2014 18:54 Mar 30, 2021 Jkt 253001 10 U.S.C. 2533b(a)(1) do not apply to products manufactured in a qualifying country. • Customs, taxes, and duties are waived for qualifying country end products and components of defense procurements. If DoD (for the U.S. Government) renews an RDP MOU with the Ministry of Defense of Japan, then Japan would continue to be listed as one of the ‘‘qualifying countries’’ in the definition of ‘‘qualifying country’’ at Defense Federal Acquisition Regulation Supplement (DFARS) 225.003, and offers of products of Japan, or that contain components from Japan, would continue to be afforded the benefits available to all qualifying countries. This also means that U.S. products would continue to be exempt from any analogous ‘‘Buy Japan’’ laws or policies applicable to procurements by the Japan Ministry of Defense or Armed Forces. While DoD is evaluating Japan’s laws and regulations in this area, DoD would benefit from U.S. industry’s experience in participating in Japan’s public defense procurements. DoD is, therefore, asking U.S. firms that have participated or attempted to participate in procurements by or on behalf of Japan’s Ministry of Defense or Armed Forces to let us know if the procurements were conducted with transparency, integrity, fairness, and due process in accordance with published procedures, and if not, the nature of the problems encountered. DoD is also interested in comments relating to the degree of reciprocity that exists between the United States and Japan when it comes to the openness of defense procurements to offers of products from the other country. Jennifer D. Johnson, Regulatory Control Officer, Defense Acquisition Regulations System. [FR Doc. 2021–06591 Filed 3–30–21; 8:45 am] BILLING CODE 5001–06–P Defense Acquisition Regulations System [Docket Number DARS–2020–0038; OMB Control Number 0750–0004] Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Assessing Contractor Implementation of Cybersecurity Requirements Defense Acquisition Regulations System, Department of Defense (DoD). ACTION: Notice. PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 a. Basic Assessment Respondents: 13,068. Responses per respondent: 1. Annual responses: 13,068. Hours per Response: 0.75. Annual Burden Hours: 9,801. b. Medium Assessment Respondents: 200. Responses per respondent: 1. Annual responses: 200. Hours per Response: 8. Annual Burden Hours: 1,600. c. High Assessment Respondents: 110. Responses per respondent: 1. Annual responses: 110. Hours per Response: 420. Annual Burden Hours: 46,200. d. Total Public Burden (All Entities) Respondents: 13,068. Total annual responses: 13,378. Total burden hours: 57,601. e. Total Public Burden (Small Entities) DEPARTMENT OF DEFENSE AGENCY: The Defense Acquisition Regulations System has submitted to OMB for clearance, the following proposal for collection of information under the provisions of the Paperwork Reduction Act. DATES: Consideration will be given to all comments received by April 30, 2021. SUPPLEMENTARY INFORMATION: Title and OMB Number: Defense Federal Acquisition Regulation Supplement (DFARS), Assessing Contractor Implementation of Cybersecurity Requirements; OMB Control Number 0750–0004. Type of Request: Extension of a currently approved collection. Affected Public: Businesses or other for-profit and not-for-profit institutions. Obligation to Respond: Required to obtain or retain benefits. DoD estimates the annual public reporting burden for the information collection as follows: Reporting Frequency: On occasion. SUMMARY: Respondents: 8,823. Total annual responses: 9,023. Total burden hours: 41,821. Needs and Uses: The collection of information is necessary for DoD to immediately begin assessing where vulnerabilities in its supply chain exist and take steps to correct such deficiencies. In addition, the collection of information is necessary to ensure Defense Industrial Base (DIB) contractors that have not fully implemented the NIST SP 800–171 security requirements pursuant to DFARS clause 252.204–7012, Safeguarding Covered Defense E:\FR\FM\31MRN1.SGM 31MRN1 jbell on DSKJLSW7X2PROD with NOTICES Federal Register / Vol. 86, No. 60 / Wednesday, March 31, 2021 / Notices Information and Cyber Incident Reporting, begin correcting these deficiencies immediately. This collection of information is implemented in the DFARS through the provision at 252.204–7019, Notice of NIST SP 800–171 DoD Assessment Requirement, and the clause at 252.204– 7020, NIST SP 800–171 DoD Assessment Requirements. This information collection covers the following requirements: • DFARS provision 252.204–7019, Notice of NIST SP 800–171 DoD Assessment Requirement, is prescribed for use in all solicitations, including solicitations using FAR part 12 procedures for the acquisition of commercial items, except for solicitations solely for the acquisition of commercially available off-the-shelf (COTS) items. Per the provision, if an offeror is required to have implemented NIST SP 800–171 per DFARS clause 252.204–7012, then the offeror shall have a current assessment posted in the Supplier Performance Risk System (SPRS) for each covered contractor information system that is relevant to the offer, contract, task order, or delivery order in order to be considered for award. If the offeror does not have summary level scores of a current NIST SP 800–171 DoD Assessment (i.e., not more than 3 years old, unless a lesser time is specified in the solicitation) posted in SPRS, the offeror may conduct and submit a Basic Assessment for posting in SPRS. • DFARS clause 252.204–7020, NIST SP 800–171 DoD Assessment Requirements, is prescribed for use in in all solicitations and contracts, including solicitations and contracts using FAR part 12 procedures for the acquisition of commercial items, except for solicitations and contracts solely for the acquisition of COTS items. The clause requires the contractor to provide the Government access to its facilities, systems, and personnel in order to conduct a Medium or High Assessment, if necessary. For Basic Assessments, the contractor may submit summary level scores for posting to SPRS. Medium Assessments are assumed to be conducted by DoD Components, primarily by Program Management Office cybersecurity personnel, in coordination with the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), as part of a separately scheduled visit (e.g., for a Critical Design Review). High Assessments will be conducted by, or in conjunction with, the DCMA DIBCAC. The Department may choose to conduct a Medium or High Assessment when VerDate Sep<11>2014 18:54 Mar 30, 2021 Jkt 253001 warranted based on the criticality of the program(s)/technology(ies) associated with the contracted effort(s). For example, a Medium Assessment may be initiated by a Program Office that has determined that the risk associated with their programs warrants going beyond the Basic self-assessment. The results of that Medium Assessment may satisfy the Program Office, or may indicate the need for a High assessment. DoD will provide Medium and High Assessment summary level scores to the contractor and offer the opportunity for rebuttal and adjudication of assessment summary level scores prior to posting the summary level scores to SPRS. The requirements of this clause flow down to subcontractors. Comments and recommendations on the proposed information collection should be sent to Ms. Susan Minson, DoD Desk Officer, at Oira_submission@ omb.eop.gov. Please identify the proposed information collection by DoD Desk Officer and the Docket ID number and title of the information collection. You may also submit comments, identified by docket number and title, by the following method: Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. DoD Clearance Officer: Ms. Angela James. Requests for copies of the information collection proposal should be sent to Ms. James at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil. Jennifer D. Johnson, Regulatory Control Officer, Defense Acquisition Regulations System. [FR Doc. 2021–06571 Filed 3–30–21; 8:45 am] BILLING CODE 6820–ep–P DEPARTMENT OF DEFENSE Defense Acquisition Regulations System [Docket Number DARS–2021–0003; OMB Control Number 0704–0483] Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Independent Research and Development Technical Descriptions Defense Acquisition Regulations System, Department of Defense (DoD). ACTION: Notice. AGENCY: The Defense Acquisition Regulations System has submitted to OMB for clearance, the following proposal for collection of information SUMMARY: PO 00000 Frm 00007 Fmt 4703 Sfmt 9990 16707 under the provisions of the Paperwork Reduction Act. DATES: Consideration will be given to all comments received by April 30, 2021. SUPPLEMENTARY INFORMATION: Title and OMB Number: Defense Federal Acquisition Regulation Supplement (DFARS), Independent Research and Development Technical Descriptions; OMB Control Number 0704–0483. Type of Request: Revision and extension of a currently approved collection. Affected Public: Businesses or other for-profit and not-for-profit institutions. Obligation to Respond: Required to obtain or retain benefits. Reporting Frequency: On occasion. Number of Respondents: 69. Responses per Respondent: 90.49, approximately. Annual Responses: 6,244. Average Burden per Response: 0.5 hour. Annual Burden Hours: 3,122. Needs and Uses: DFARS 231.205–18 requires contractors to report independent research and development (IR&D) projects to the Defense Technical Information Center (DTIC) using DTIC’s online IR&D database. The inputs must be updated at least annually and when the project is completed. The data provide in-process information on IR&D projects for which DoD reimburses the contractor as an allowable indirect expense. In addition to improving the Department’s ability to determine whether contractor IR&D costs are allowable, the data provide visibility into the technical content of industry IR&D activities to meet DoD needs. Comments and recommendations on the proposed information collection should be sent to Ms. Susan Minson, DoD Desk Officer, at Oira_submission@ omb.eop.gov. Please identify the proposed information collection by DoD Desk Officer and the Docket ID number and title of the information collection. You may also submit comments, identified by docket number and title, by the following method: Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. DoD Clearance Officer: Ms. Angela James. Requests for copies of the information collection proposal should be sent to Ms. James at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil. Jennifer D. Johnson, Regulatory Control Officer, Defense Acquisition Regulations System. [FR Doc. 2021–06570 Filed 3–30–21; 8:45 am] BILLING CODE 6820–ep–P E:\FR\FM\31MRN1.SGM 31MRN1

Agencies

[Federal Register Volume 86, Number 60 (Wednesday, March 31, 2021)]
[Notices]
[Pages 16706-16707]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-06571]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Acquisition Regulations System

[Docket Number DARS-2020-0038; OMB Control Number 0750-0004]


Information Collection Requirement; Defense Federal Acquisition 
Regulation Supplement (DFARS); Assessing Contractor Implementation of 
Cybersecurity Requirements

AGENCY: Defense Acquisition Regulations System, Department of Defense 
(DoD).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Defense Acquisition Regulations System has submitted to 
OMB for clearance, the following proposal for collection of information 
under the provisions of the Paperwork Reduction Act.

DATES: Consideration will be given to all comments received by April 
30, 2021.

SUPPLEMENTARY INFORMATION:
    Title and OMB Number: Defense Federal Acquisition Regulation 
Supplement (DFARS), Assessing Contractor Implementation of 
Cybersecurity Requirements; OMB Control Number 0750-0004.
    Type of Request: Extension of a currently approved collection.
    Affected Public: Businesses or other for-profit and not-for-profit 
institutions.
    Obligation to Respond: Required to obtain or retain benefits.
    DoD estimates the annual public reporting burden for the 
information collection as follows:
    Reporting Frequency: On occasion.

a. Basic Assessment

    Respondents: 13,068.
    Responses per respondent: 1.
    Annual responses: 13,068.
    Hours per Response: 0.75.
    Annual Burden Hours: 9,801.

b. Medium Assessment

    Respondents: 200.
    Responses per respondent: 1.
    Annual responses: 200.
    Hours per Response: 8.
    Annual Burden Hours: 1,600.

c. High Assessment

    Respondents: 110.
    Responses per respondent: 1.
    Annual responses: 110.
    Hours per Response: 420.
    Annual Burden Hours: 46,200.

d. Total Public Burden (All Entities)

    Respondents: 13,068.
    Total annual responses: 13,378.
    Total burden hours: 57,601.

e. Total Public Burden (Small Entities)

    Respondents: 8,823.
    Total annual responses: 9,023.
    Total burden hours: 41,821.
    Needs and Uses: The collection of information is necessary for DoD 
to immediately begin assessing where vulnerabilities in its supply 
chain exist and take steps to correct such deficiencies. In addition, 
the collection of information is necessary to ensure Defense Industrial 
Base (DIB) contractors that have not fully implemented the NIST SP 800-
171 security requirements pursuant to DFARS clause 252.204-7012, 
Safeguarding Covered Defense

[[Page 16707]]

Information and Cyber Incident Reporting, begin correcting these 
deficiencies immediately.
    This collection of information is implemented in the DFARS through 
the provision at 252.204-7019, Notice of NIST SP 800-171 DoD Assessment 
Requirement, and the clause at 252.204-7020, NIST SP 800-171 DoD 
Assessment Requirements. This information collection covers the 
following requirements:
     DFARS provision 252.204-7019, Notice of NIST SP 800-171 
DoD Assessment Requirement, is prescribed for use in all solicitations, 
including solicitations using FAR part 12 procedures for the 
acquisition of commercial items, except for solicitations solely for 
the acquisition of commercially available off-the-shelf (COTS) items. 
Per the provision, if an offeror is required to have implemented NIST 
SP 800-171 per DFARS clause 252.204-7012, then the offeror shall have a 
current assessment posted in the Supplier Performance Risk System 
(SPRS) for each covered contractor information system that is relevant 
to the offer, contract, task order, or delivery order in order to be 
considered for award. If the offeror does not have summary level scores 
of a current NIST SP 800-171 DoD Assessment (i.e., not more than 3 
years old, unless a lesser time is specified in the solicitation) 
posted in SPRS, the offeror may conduct and submit a Basic Assessment 
for posting in SPRS.
     DFARS clause 252.204-7020, NIST SP 800-171 DoD Assessment 
Requirements, is prescribed for use in in all solicitations and 
contracts, including solicitations and contracts using FAR part 12 
procedures for the acquisition of commercial items, except for 
solicitations and contracts solely for the acquisition of COTS items. 
The clause requires the contractor to provide the Government access to 
its facilities, systems, and personnel in order to conduct a Medium or 
High Assessment, if necessary. For Basic Assessments, the contractor 
may submit summary level scores for posting to SPRS. Medium Assessments 
are assumed to be conducted by DoD Components, primarily by Program 
Management Office cybersecurity personnel, in coordination with the 
Defense Contract Management Agency (DCMA) Defense Industrial Base 
Cybersecurity Assessment Center (DIBCAC), as part of a separately 
scheduled visit (e.g., for a Critical Design Review). High Assessments 
will be conducted by, or in conjunction with, the DCMA DIBCAC. The 
Department may choose to conduct a Medium or High Assessment when 
warranted based on the criticality of the program(s)/technology(ies) 
associated with the contracted effort(s). For example, a Medium 
Assessment may be initiated by a Program Office that has determined 
that the risk associated with their programs warrants going beyond the 
Basic self-assessment. The results of that Medium Assessment may 
satisfy the Program Office, or may indicate the need for a High 
assessment. DoD will provide Medium and High Assessment summary level 
scores to the contractor and offer the opportunity for rebuttal and 
adjudication of assessment summary level scores prior to posting the 
summary level scores to SPRS. The requirements of this clause flow down 
to subcontractors.
    Comments and recommendations on the proposed information collection 
should be sent to Ms. Susan Minson, DoD Desk Officer, at 
[email protected]. Please identify the proposed information 
collection by DoD Desk Officer and the Docket ID number and title of 
the information collection.
    You may also submit comments, identified by docket number and 
title, by the following method: Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
    DoD Clearance Officer: Ms. Angela James. Requests for copies of the 
information collection proposal should be sent to Ms. James at [email protected].

Jennifer D. Johnson,
Regulatory Control Officer, Defense Acquisition Regulations System.
[FR Doc. 2021-06571 Filed 3-30-21; 8:45 am]
BILLING CODE 6820-ep-P