Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS); Assessing Contractor Implementation of Cybersecurity Requirements, 16706-16707 [2021-06571]
Download as PDF
<![CDATA[
jbell on DSKJLSW7X2PROD with NOTICES
16706
Federal Register / Vol. 86, No. 60 / Wednesday, March 31, 2021 / Notices
procurements conducted by or on behalf
of the Japanese Ministry of Defense or
Armed Forces.
DATES: Comments must be received by
April 30, 2021.
ADDRESSES: Submit comments to
Defense Pricing and Contracting, Attn:
Mr. Gregory D. Snyder, 3060 Defense
Pentagon, Room 3B938, Washington, DC
20301–3060; or by email to
gregory.d.snyder.civ@mail.mil.
FOR FURTHER INFORMATION CONTACT: Mr.
Gregory D. Snyder, telephone 703–614–
0719.
SUPPLEMENTARY INFORMATION: DoD has
concluded a Reciprocal Defense
Procurement Memorandum of
Understanding (RDP MOU) with each of
the 27 ‘‘qualifying’’ countries at the
level of the Secretary of Defense and his
counterpart. The purpose of an RDP
MOU is to promote rationalization,
standardization, and interoperability of
conventional defense equipment with
allies and other friendly governments.
These RDP MOUs provide a framework
for ongoing communication regarding
market access and procurement matters
that enhance effective defense
cooperation.
RDP MOUs generally include
language by which the Parties agree that
their defense procurements will be
conducted in accordance with certain
implementing procedures. These
procedures relate to—
• Publication of notices of proposed
purchases;
• The content and availability of
solicitations for proposed purchases;
• Notification to each unsuccessful
offeror;
• Feedback, upon request, to
unsuccessful offerors concerning the
reasons they were not allowed to
participate in a procurement or were not
awarded a contract; and
• Provision for the hearing and
review of complaints arising in
connection with any phase of the
procurement process to ensure that, to
the extent possible, complaints are
equitably and expeditiously resolved.
Based on the RDP MOU, each country
affords the other country certain
benefits on a reciprocal basis consistent
with national laws and regulations. The
benefits that the United States accords
to the products of qualifying countries
include the following:
• Offers of qualifying country end
products are evaluated without applying
the price differentials otherwise
required by the Buy American statute
and the Balance of Payments Program.
• The chemical warfare protection
clothing restrictions in 10 U.S.C. 2533a
and the specialty metals restriction in
VerDate Sep<11>2014
18:54 Mar 30, 2021
Jkt 253001
10 U.S.C. 2533b(a)(1) do not apply to
products manufactured in a qualifying
country.
• Customs, taxes, and duties are
waived for qualifying country end
products and components of defense
procurements.
If DoD (for the U.S. Government)
renews an RDP MOU with the Ministry
of Defense of Japan, then Japan would
continue to be listed as one of the
‘‘qualifying countries’’ in the definition
of ‘‘qualifying country’’ at Defense
Federal Acquisition Regulation
Supplement (DFARS) 225.003, and
offers of products of Japan, or that
contain components from Japan, would
continue to be afforded the benefits
available to all qualifying countries.
This also means that U.S. products
would continue to be exempt from any
analogous ‘‘Buy Japan’’ laws or policies
applicable to procurements by the Japan
Ministry of Defense or Armed Forces.
While DoD is evaluating Japan’s laws
and regulations in this area, DoD would
benefit from U.S. industry’s experience
in participating in Japan’s public
defense procurements. DoD is, therefore,
asking U.S. firms that have participated
or attempted to participate in
procurements by or on behalf of Japan’s
Ministry of Defense or Armed Forces to
let us know if the procurements were
conducted with transparency, integrity,
fairness, and due process in accordance
with published procedures, and if not,
the nature of the problems encountered.
DoD is also interested in comments
relating to the degree of reciprocity that
exists between the United States and
Japan when it comes to the openness of
defense procurements to offers of
products from the other country.
Jennifer D. Johnson,
Regulatory Control Officer, Defense
Acquisition Regulations System.
[FR Doc. 2021–06591 Filed 3–30–21; 8:45 am]
BILLING CODE 5001–06–P
Defense Acquisition Regulations
System
[Docket Number DARS–2020–0038; OMB
Control Number 0750–0004]
Information Collection Requirement;
Defense Federal Acquisition
Regulation Supplement (DFARS);
Assessing Contractor Implementation
of Cybersecurity Requirements
Defense Acquisition
Regulations System, Department of
Defense (DoD).
ACTION: Notice.
PO 00000
Frm 00006
Fmt 4703
Sfmt 4703
a. Basic Assessment
Respondents: 13,068.
Responses per respondent: 1.
Annual responses: 13,068.
Hours per Response: 0.75.
Annual Burden Hours: 9,801.
b. Medium Assessment
Respondents: 200.
Responses per respondent: 1.
Annual responses: 200.
Hours per Response: 8.
Annual Burden Hours: 1,600.
c. High Assessment
Respondents: 110.
Responses per respondent: 1.
Annual responses: 110.
Hours per Response: 420.
Annual Burden Hours: 46,200.
d. Total Public Burden (All Entities)
Respondents: 13,068.
Total annual responses: 13,378.
Total burden hours: 57,601.
e. Total Public Burden (Small Entities)
DEPARTMENT OF DEFENSE
AGENCY:
The Defense Acquisition
Regulations System has submitted to
OMB for clearance, the following
proposal for collection of information
under the provisions of the Paperwork
Reduction Act.
DATES: Consideration will be given to all
comments received by April 30, 2021.
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Defense
Federal Acquisition Regulation
Supplement (DFARS), Assessing
Contractor Implementation of
Cybersecurity Requirements; OMB
Control Number 0750–0004.
Type of Request: Extension of a
currently approved collection.
Affected Public: Businesses or other
for-profit and not-for-profit institutions.
Obligation to Respond: Required to
obtain or retain benefits.
DoD estimates the annual public
reporting burden for the information
collection as follows:
Reporting Frequency: On occasion.
SUMMARY:
Respondents: 8,823.
Total annual responses: 9,023.
Total burden hours: 41,821.
Needs and Uses: The collection of
information is necessary for DoD to
immediately begin assessing where
vulnerabilities in its supply chain exist
and take steps to correct such
deficiencies. In addition, the collection
of information is necessary to ensure
Defense Industrial Base (DIB)
contractors that have not fully
implemented the NIST SP 800–171
security requirements pursuant to
DFARS clause 252.204–7012,
Safeguarding Covered Defense
E:\FR\FM\31MRN1.SGM
31MRN1
jbell on DSKJLSW7X2PROD with NOTICES
Federal Register / Vol. 86, No. 60 / Wednesday, March 31, 2021 / Notices
Information and Cyber Incident
Reporting, begin correcting these
deficiencies immediately.
This collection of information is
implemented in the DFARS through the
provision at 252.204–7019, Notice of
NIST SP 800–171 DoD Assessment
Requirement, and the clause at 252.204–
7020, NIST SP 800–171 DoD
Assessment Requirements. This
information collection covers the
following requirements:
• DFARS provision 252.204–7019,
Notice of NIST SP 800–171 DoD
Assessment Requirement, is prescribed
for use in all solicitations, including
solicitations using FAR part 12
procedures for the acquisition of
commercial items, except for
solicitations solely for the acquisition of
commercially available off-the-shelf
(COTS) items. Per the provision, if an
offeror is required to have implemented
NIST SP 800–171 per DFARS clause
252.204–7012, then the offeror shall
have a current assessment posted in the
Supplier Performance Risk System
(SPRS) for each covered contractor
information system that is relevant to
the offer, contract, task order, or
delivery order in order to be considered
for award. If the offeror does not have
summary level scores of a current NIST
SP 800–171 DoD Assessment (i.e., not
more than 3 years old, unless a lesser
time is specified in the solicitation)
posted in SPRS, the offeror may conduct
and submit a Basic Assessment for
posting in SPRS.
• DFARS clause 252.204–7020, NIST
SP 800–171 DoD Assessment
Requirements, is prescribed for use in in
all solicitations and contracts, including
solicitations and contracts using FAR
part 12 procedures for the acquisition of
commercial items, except for
solicitations and contracts solely for the
acquisition of COTS items. The clause
requires the contractor to provide the
Government access to its facilities,
systems, and personnel in order to
conduct a Medium or High Assessment,
if necessary. For Basic Assessments, the
contractor may submit summary level
scores for posting to SPRS. Medium
Assessments are assumed to be
conducted by DoD Components,
primarily by Program Management
Office cybersecurity personnel, in
coordination with the Defense Contract
Management Agency (DCMA) Defense
Industrial Base Cybersecurity
Assessment Center (DIBCAC), as part of
a separately scheduled visit (e.g., for a
Critical Design Review). High
Assessments will be conducted by, or in
conjunction with, the DCMA DIBCAC.
The Department may choose to conduct
a Medium or High Assessment when
VerDate Sep<11>2014
18:54 Mar 30, 2021
Jkt 253001
warranted based on the criticality of the
program(s)/technology(ies) associated
with the contracted effort(s). For
example, a Medium Assessment may be
initiated by a Program Office that has
determined that the risk associated with
their programs warrants going beyond
the Basic self-assessment. The results of
that Medium Assessment may satisfy
the Program Office, or may indicate the
need for a High assessment. DoD will
provide Medium and High Assessment
summary level scores to the contractor
and offer the opportunity for rebuttal
and adjudication of assessment
summary level scores prior to posting
the summary level scores to SPRS. The
requirements of this clause flow down
to subcontractors.
Comments and recommendations on
the proposed information collection
should be sent to Ms. Susan Minson,
DoD Desk Officer, at Oira_submission@
omb.eop.gov. Please identify the
proposed information collection by DoD
Desk Officer and the Docket ID number
and title of the information collection.
You may also submit comments,
identified by docket number and title,
by the following method: Federal
eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
DoD Clearance Officer: Ms. Angela
James. Requests for copies of the
information collection proposal should
be sent to Ms. James at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil.
Jennifer D. Johnson,
Regulatory Control Officer, Defense
Acquisition Regulations System.
[FR Doc. 2021–06571 Filed 3–30–21; 8:45 am]
BILLING CODE 6820–ep–P
DEPARTMENT OF DEFENSE
Defense Acquisition Regulations
System
[Docket Number DARS–2021–0003; OMB
Control Number 0704–0483]
Information Collection Requirement;
Defense Federal Acquisition
Regulation Supplement (DFARS);
Independent Research and
Development Technical Descriptions
Defense Acquisition
Regulations System, Department of
Defense (DoD).
ACTION: Notice.
AGENCY:
The Defense Acquisition
Regulations System has submitted to
OMB for clearance, the following
proposal for collection of information
SUMMARY:
PO 00000
Frm 00007
Fmt 4703
Sfmt 9990
16707
under the provisions of the Paperwork
Reduction Act.
DATES: Consideration will be given to all
comments received by April 30, 2021.
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Defense
Federal Acquisition Regulation
Supplement (DFARS), Independent
Research and Development Technical
Descriptions; OMB Control Number
0704–0483.
Type of Request: Revision and
extension of a currently approved
collection.
Affected Public: Businesses or other
for-profit and not-for-profit institutions.
Obligation to Respond: Required to
obtain or retain benefits.
Reporting Frequency: On occasion.
Number of Respondents: 69.
Responses per Respondent: 90.49,
approximately.
Annual Responses: 6,244.
Average Burden per Response: 0.5
hour.
Annual Burden Hours: 3,122.
Needs and Uses: DFARS 231.205–18
requires contractors to report
independent research and development
(IR&D) projects to the Defense Technical
Information Center (DTIC) using DTIC’s
online IR&D database. The inputs must
be updated at least annually and when
the project is completed. The data
provide in-process information on IR&D
projects for which DoD reimburses the
contractor as an allowable indirect
expense. In addition to improving the
Department’s ability to determine
whether contractor IR&D costs are
allowable, the data provide visibility
into the technical content of industry
IR&D activities to meet DoD needs.
Comments and recommendations on
the proposed information collection
should be sent to Ms. Susan Minson,
DoD Desk Officer, at Oira_submission@
omb.eop.gov. Please identify the
proposed information collection by DoD
Desk Officer and the Docket ID number
and title of the information collection.
You may also submit comments,
identified by docket number and title,
by the following method: Federal
eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
DoD Clearance Officer: Ms. Angela
James. Requests for copies of the
information collection proposal should
be sent to Ms. James at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil.
Jennifer D. Johnson,
Regulatory Control Officer, Defense
Acquisition Regulations System.
[FR Doc. 2021–06570 Filed 3–30–21; 8:45 am]
BILLING CODE 6820–ep–P
E:\FR\FM\31MRN1.SGM
31MRN1
]]>Agencies
[Federal Register Volume 86, Number 60 (Wednesday, March 31, 2021)]
[Notices]
[Pages 16706-16707]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-06571]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Defense Acquisition Regulations System
[Docket Number DARS-2020-0038; OMB Control Number 0750-0004]
Information Collection Requirement; Defense Federal Acquisition
Regulation Supplement (DFARS); Assessing Contractor Implementation of
Cybersecurity Requirements
AGENCY: Defense Acquisition Regulations System, Department of Defense
(DoD).
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Defense Acquisition Regulations System has submitted to
OMB for clearance, the following proposal for collection of information
under the provisions of the Paperwork Reduction Act.
DATES: Consideration will be given to all comments received by April
30, 2021.
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Defense Federal Acquisition Regulation
Supplement (DFARS), Assessing Contractor Implementation of
Cybersecurity Requirements; OMB Control Number 0750-0004.
Type of Request: Extension of a currently approved collection.
Affected Public: Businesses or other for-profit and not-for-profit
institutions.
Obligation to Respond: Required to obtain or retain benefits.
DoD estimates the annual public reporting burden for the
information collection as follows:
Reporting Frequency: On occasion.
a. Basic Assessment
Respondents: 13,068.
Responses per respondent: 1.
Annual responses: 13,068.
Hours per Response: 0.75.
Annual Burden Hours: 9,801.
b. Medium Assessment
Respondents: 200.
Responses per respondent: 1.
Annual responses: 200.
Hours per Response: 8.
Annual Burden Hours: 1,600.
c. High Assessment
Respondents: 110.
Responses per respondent: 1.
Annual responses: 110.
Hours per Response: 420.
Annual Burden Hours: 46,200.
d. Total Public Burden (All Entities)
Respondents: 13,068.
Total annual responses: 13,378.
Total burden hours: 57,601.
e. Total Public Burden (Small Entities)
Respondents: 8,823.
Total annual responses: 9,023.
Total burden hours: 41,821.
Needs and Uses: The collection of information is necessary for DoD
to immediately begin assessing where vulnerabilities in its supply
chain exist and take steps to correct such deficiencies. In addition,
the collection of information is necessary to ensure Defense Industrial
Base (DIB) contractors that have not fully implemented the NIST SP 800-
171 security requirements pursuant to DFARS clause 252.204-7012,
Safeguarding Covered Defense
[[Page 16707]]
Information and Cyber Incident Reporting, begin correcting these
deficiencies immediately.
This collection of information is implemented in the DFARS through
the provision at 252.204-7019, Notice of NIST SP 800-171 DoD Assessment
Requirement, and the clause at 252.204-7020, NIST SP 800-171 DoD
Assessment Requirements. This information collection covers the
following requirements:
DFARS provision 252.204-7019, Notice of NIST SP 800-171
DoD Assessment Requirement, is prescribed for use in all solicitations,
including solicitations using FAR part 12 procedures for the
acquisition of commercial items, except for solicitations solely for
the acquisition of commercially available off-the-shelf (COTS) items.
Per the provision, if an offeror is required to have implemented NIST
SP 800-171 per DFARS clause 252.204-7012, then the offeror shall have a
current assessment posted in the Supplier Performance Risk System
(SPRS) for each covered contractor information system that is relevant
to the offer, contract, task order, or delivery order in order to be
considered for award. If the offeror does not have summary level scores
of a current NIST SP 800-171 DoD Assessment (i.e., not more than 3
years old, unless a lesser time is specified in the solicitation)
posted in SPRS, the offeror may conduct and submit a Basic Assessment
for posting in SPRS.
DFARS clause 252.204-7020, NIST SP 800-171 DoD Assessment
Requirements, is prescribed for use in in all solicitations and
contracts, including solicitations and contracts using FAR part 12
procedures for the acquisition of commercial items, except for
solicitations and contracts solely for the acquisition of COTS items.
The clause requires the contractor to provide the Government access to
its facilities, systems, and personnel in order to conduct a Medium or
High Assessment, if necessary. For Basic Assessments, the contractor
may submit summary level scores for posting to SPRS. Medium Assessments
are assumed to be conducted by DoD Components, primarily by Program
Management Office cybersecurity personnel, in coordination with the
Defense Contract Management Agency (DCMA) Defense Industrial Base
Cybersecurity Assessment Center (DIBCAC), as part of a separately
scheduled visit (e.g., for a Critical Design Review). High Assessments
will be conducted by, or in conjunction with, the DCMA DIBCAC. The
Department may choose to conduct a Medium or High Assessment when
warranted based on the criticality of the program(s)/technology(ies)
associated with the contracted effort(s). For example, a Medium
Assessment may be initiated by a Program Office that has determined
that the risk associated with their programs warrants going beyond the
Basic self-assessment. The results of that Medium Assessment may
satisfy the Program Office, or may indicate the need for a High
assessment. DoD will provide Medium and High Assessment summary level
scores to the contractor and offer the opportunity for rebuttal and
adjudication of assessment summary level scores prior to posting the
summary level scores to SPRS. The requirements of this clause flow down
to subcontractors.
Comments and recommendations on the proposed information collection
should be sent to Ms. Susan Minson, DoD Desk Officer, at
[email protected]. Please identify the proposed information
collection by DoD Desk Officer and the Docket ID number and title of
the information collection.
You may also submit comments, identified by docket number and
title, by the following method: Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
DoD Clearance Officer: Ms. Angela James. Requests for copies of the
information collection proposal should be sent to Ms. James at [email protected].
Jennifer D. Johnson,
Regulatory Control Officer, Defense Acquisition Regulations System.
[FR Doc. 2021-06571 Filed 3-30-21; 8:45 am]
BILLING CODE 6820-ep-P
