Information Collection Requirements; Defense Federal Acquisition Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud Computing, 53462 [2022-18769]
Download as PDF
<![CDATA[
53462
Federal Register / Vol. 87, No. 168 / Wednesday, August 31, 2022 / Notices
documentation to the contracting officer
regarding potential claims, open claims,
and settlements providing war-hazard
benefits to contractor employees.
DFARS 252.228–7005, Accident
Reporting and Investigation Involving
Aircraft, Missiles, and Space Launch
Vehicles, requires the contractor to
report promptly to the administrative
contracting officer all pertinent facts
relating to each accident involving an
aircraft, missile, or space launch vehicle
being manufactured, modified, repaired,
or overhauled in connection with the
contract. DFARS 252.228–7006,
Compliance with Spanish Laws and
Insurance, requires the contractor to
provide the contracting officer with a
written representation that the
contractor has obtained the required
types of insurance in the minimum
amounts specified in the clause, when
performing a service or construction
contract in Spain.
Comments and recommendations on
the proposed information collection
should be sent to Ms. Susan Minson,
DoD Desk Officer, at Oira_submission@
omb.eop.gov. Please identify the
proposed information collection by DoD
Desk Officer and the Docket ID number
and title of the information collection.
You may also submit comments,
identified by docket number and title,
by the following method: Federal
eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
DoD Clearance Officer: Ms. Angela
Duncan. Requests for copies of the
information collection proposal should
be sent to Ms. Duncan at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil.
Jennifer D. Johnson,
Editor/Publisher, Defense Acquisition
Regulations System.
[FR Doc. 2022–18735 Filed 8–30–22; 8:45 am]
BILLING CODE 5001–06–P
DEPARTMENT OF DEFENSE
Defense Acquisition Regulations
System
lotter on DSK11XQN23PROD with NOTICES1
[Docket Number DARS–2022–0016; OMB
Control Number 0704–0478]
Information Collection Requirements;
Defense Federal Acquisition
Regulation Supplement (DFARS);
Cyber Incident Reporting and Cloud
Computing
Defense Acquisition
Regulations System, Department of
Defense (DoD).
AGENCY:
VerDate Sep<11>2014
19:26 Aug 30, 2022
Jkt 256001
ACTION:
Notice.
The Defense Acquisition
Regulations System has submitted to
OMB for clearance the following
proposal for collection of information
under the provisions of the Paperwork
Reduction Act.
DATES: Consideration will be given to all
comments received by September 30,
2022.
SUMMARY:
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Safeguarding
Covered Defense Information, Cyber
Incident Reporting, and Cloud
Computing; OMB Control Number
0704–0478.
Affected Public: Businesses or other
for-profit and not-for-profit institutions.
Respondent’s Obligation: Required to
obtain or retain benefits.
Type of Request: Extension of a
currently approved collection.
Number of Respondents: 2,097.
Responses per Respondent: 7.99,
approximately.
Annual Responses: 16,760.
Average Burden per Response: 0.46
hours.
Annual Burden Hours: 7,695.
Reporting Frequency: On occasion.
Needs and Uses: Offerors and
contractors must report cyber incidents
on unclassified networks or information
systems, within cloud computing
services, and when they affect
contractors designated as providing
operationally critical support, as
required by statute.
a. The clause at DFARS 252.204–
7012, Safeguarding Covered Defense
Information and Cyber Incident
Reporting, covers cyber incident
reporting requirements for incidents
that affect a covered contractor
information system or the covered
defense information residing therein, or
that affects the contractor’s ability to
perform the requirements of the contract
that are designated as operationally
critical support and identified in the
contract.
b. DFARS provision 252.204–7008,
Compliance with Safeguarding Covered
Defense Information Controls, requires
an offeror that proposes to vary from
any of the security controls of National
Institute of Standards and Technology
(NIST) Special Publication (SP) 800–171
in effect at the time the solicitation is
issued to submit to the contracting
officer a written explanation of how the
specified security control is not
applicable or an alternative control or
protective measure is used to achieve
equivalent protection.
PO 00000
Frm 00022
Fmt 4703
Sfmt 4703
c. DFARS provision 252.239–7009,
Representation of Use of Cloud
Computing, requires contractors to
report that they ‘‘anticipate’’ or ‘‘do not
anticipate’’ utilizing cloud computing
service in performance of the resultant
contract. The representation will notify
contracting officers of the applicability
of the cloud computing requirements at
DFARS clause 252.239–7010 of the
contract.
d. DFARS clause 252.239–7010,
Cloud Computing Services, requires
reporting of cyber incidents that occur
when DoD is purchasing cloud
computing services.
These DFARS provisions and clauses
facilitate mandatory cyber incident
reporting requirements in accordance
with statutory regulations. When reports
are submitted, DoD will analyze the
reported information for cyber threats
and vulnerabilities in order to develop
response measures as well as improve
U.S. Government understanding of
advanced cyber threat activity. In
addition, the security requirements in
NIST SP 800–171 are specifically
tailored for use in protecting sensitive
information residing in contractor
information systems and generally
reduce the burden placed on contractors
by eliminating Federal-centric processes
and requirements. The information
provided will inform DoD in assessing
the overall risk to DoD covered defense
information on unclassified contractor
systems and networks.
Comments and recommendations on
the proposed information collection
should be sent to Ms. Susan Minson,
DoD Desk Officer, at Oira_submission@
omb.eop.gov. Please identify the
proposed information collection by DoD
Desk Officer and the Docket ID number
and title of the information collection.
You may also submit comments,
identified by docket number and title,
by the following method: Federal
eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
DoD Clearance Officer: Ms. Angela
Duncan. Requests for copies of the
information collection proposal should
be sent to Ms. Duncan at whs.mcalex.esd.mbx.dd-dod-informationcollections@mail.mil.
Jennifer D. Johnson,
Editor/Publisher, Defense Acquisition
Regulations System.
[FR Doc. 2022–18769 Filed 8–30–22; 8:45 am]
BILLING CODE 5001–06–P
E:\FR\FM\31AUN1.SGM
31AUN1
]]>Agencies
[Federal Register Volume 87, Number 168 (Wednesday, August 31, 2022)]
[Notices]
[Page 53462]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-18769]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Defense Acquisition Regulations System
[Docket Number DARS-2022-0016; OMB Control Number 0704-0478]
Information Collection Requirements; Defense Federal Acquisition
Regulation Supplement (DFARS); Cyber Incident Reporting and Cloud
Computing
AGENCY: Defense Acquisition Regulations System, Department of Defense
(DoD).
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Defense Acquisition Regulations System has submitted to
OMB for clearance the following proposal for collection of information
under the provisions of the Paperwork Reduction Act.
DATES: Consideration will be given to all comments received by
September 30, 2022.
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Safeguarding Covered Defense Information,
Cyber Incident Reporting, and Cloud Computing; OMB Control Number 0704-
0478.
Affected Public: Businesses or other for-profit and not-for-profit
institutions.
Respondent's Obligation: Required to obtain or retain benefits.
Type of Request: Extension of a currently approved collection.
Number of Respondents: 2,097.
Responses per Respondent: 7.99, approximately.
Annual Responses: 16,760.
Average Burden per Response: 0.46 hours.
Annual Burden Hours: 7,695.
Reporting Frequency: On occasion.
Needs and Uses: Offerors and contractors must report cyber
incidents on unclassified networks or information systems, within cloud
computing services, and when they affect contractors designated as
providing operationally critical support, as required by statute.
a. The clause at DFARS 252.204-7012, Safeguarding Covered Defense
Information and Cyber Incident Reporting, covers cyber incident
reporting requirements for incidents that affect a covered contractor
information system or the covered defense information residing therein,
or that affects the contractor's ability to perform the requirements of
the contract that are designated as operationally critical support and
identified in the contract.
b. DFARS provision 252.204-7008, Compliance with Safeguarding
Covered Defense Information Controls, requires an offeror that proposes
to vary from any of the security controls of National Institute of
Standards and Technology (NIST) Special Publication (SP) 800-171 in
effect at the time the solicitation is issued to submit to the
contracting officer a written explanation of how the specified security
control is not applicable or an alternative control or protective
measure is used to achieve equivalent protection.
c. DFARS provision 252.239-7009, Representation of Use of Cloud
Computing, requires contractors to report that they ``anticipate'' or
``do not anticipate'' utilizing cloud computing service in performance
of the resultant contract. The representation will notify contracting
officers of the applicability of the cloud computing requirements at
DFARS clause 252.239-7010 of the contract.
d. DFARS clause 252.239-7010, Cloud Computing Services, requires
reporting of cyber incidents that occur when DoD is purchasing cloud
computing services.
These DFARS provisions and clauses facilitate mandatory cyber
incident reporting requirements in accordance with statutory
regulations. When reports are submitted, DoD will analyze the reported
information for cyber threats and vulnerabilities in order to develop
response measures as well as improve U.S. Government understanding of
advanced cyber threat activity. In addition, the security requirements
in NIST SP 800-171 are specifically tailored for use in protecting
sensitive information residing in contractor information systems and
generally reduce the burden placed on contractors by eliminating
Federal-centric processes and requirements. The information provided
will inform DoD in assessing the overall risk to DoD covered defense
information on unclassified contractor systems and networks.
Comments and recommendations on the proposed information collection
should be sent to Ms. Susan Minson, DoD Desk Officer, at
[email protected]. Please identify the proposed information
collection by DoD Desk Officer and the Docket ID number and title of
the information collection.
You may also submit comments, identified by docket number and
title, by the following method: Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
DoD Clearance Officer: Ms. Angela Duncan. Requests for copies of
the information collection proposal should be sent to Ms. Duncan at
[email protected].
Jennifer D. Johnson,
Editor/Publisher, Defense Acquisition Regulations System.
[FR Doc. 2022-18769 Filed 8-30-22; 8:45 am]
BILLING CODE 5001-06-P
