Information Collection Requirement; Defense Federal Acquisition Regulation Supplement; Assessing Contractor Implementation of Cybersecurity Requirements, 46085 [2024-11626]
[Federal Register Volume 89, Number 103 (Tuesday, May 28, 2024)]
[Notices]
[Page 46085]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-11626]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Defense Acquisition Regulations System
[Docket Number DARS-2024-0006; OMB Control Number 0750-0004]
Information Collection Requirement; Defense Federal Acquisition
Regulation Supplement; Assessing Contractor Implementation of
Cybersecurity Requirements
AGENCY: Defense Acquisition Regulations System, Department of Defense
(DoD).
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Defense Acquisition Regulations System has submitted to
OMB for clearance the following proposal for collection of information
under the provisions of the Paperwork Reduction Act.
DATES: Consideration will be given to all comments received by June 27,
2024.
ADDRESSES: Written comments and recommendations for the proposed
information collection should be sent within 30 days of publication of
this notice to https://www.reginfo.gov/public/do/PRAMain. Find this
particular information collection by selecting ``Currently under 30-day
Review--Open for Public Comments'' or by using the search function.
You may also submit comments, identified by docket number and
title, by the following method: Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
FOR FURTHER INFORMATION CONTACT: Tucker Lucas, 571-372-7574, or whs.mc-alex.esd.mbx.dd-dod-information-collections@mail.mil.
SUPPLEMENTARY INFORMATION:
Title and OMB Number: Defense Federal Acquisition Regulation
Supplement (DFARS); Part 204 and Related Clauses, Assessing Contractor
Implementation of Cybersecurity Requirements, OMB Control Number 0750-
0004.
Type of Request: Extension of a currently approved collection.
Affected Public: Businesses or other for-profit and not-for-profit
institutions.
Respondent's Obligation: Required to obtain or retain benefits.
Frequency: At least annually.
Number of Respondents: 11,686.
Responses Per Respondent: 1.02, approximately.
Annual Responses: 11,977.
Average Burden Per Response: 4.92 hours.
Annual Burden Hours: 58,885.
Needs and Uses: The collection of information is necessary for DoD
to assess where vulnerabilities exist in its supply chain and take
steps to correct such deficiencies. In addition, the collection of
information is necessary to ensure defense industrial base contractors
that have not fully implemented the National Institute of Standards and
Technology (NIST) Special Publication (SP) 800-171 security
requirements pursuant to the clause at DFARS 252.204-7012 begin
correcting these deficiencies immediately.
This requirement supports implementation of section 1648 of the
National Defense Authorization Act for Fiscal Year 2020 (Pub. L. 116-
92). Section 1648(c)(2) directs the Secretary of Defense to develop a
risk-based cybersecurity framework for the defense industrial base
sector as the basis for a mandatory DoD standard.
This requirement is implemented in the Defense Federal Acquisition
Regulation Supplement (DFARS) through the solicitation provision at
252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirement, and
the contract clause at 252.204-7020, NIST SP 800-171 DoD Assessment
Requirements.
This clearance covers the following requirements:
• DFARS 252.204-7019, Notice of NIST SP 800-171 DoD
Assessment Requirement, is prescribed for use in all solicitations,
including solicitations using FAR part 12 procedures for the
acquisition of commercial products and commercial services, except for
solicitations solely for the acquisition of commercially available off-
the-shelf (COTS) items. Per the provision, if an offeror is required to
have implemented NIST SP 800-171 per DFARS clause 252.204-7012, then
the offeror shall have a current assessment for each covered contractor
information system that is relevant to the offer, contract, task order,
or delivery order in order to be considered for award.
• DFARS 252.204-7020, NIST SP 800-171 DoD Assessment
Requirements, is prescribed for use in all solicitations and
contracts, including solicitations and contracts using FAR part 12
procedures for the acquisition of commercial products and commercial
services, except for solicitations and contracts solely for the
acquisition of COTS items. The clause requires the contractor to
provide the Government access to its facilities, systems, and personnel
in order to conduct a Medium Assessment or High Assessment, if
necessary. Medium Assessments are assumed to be conducted by DoD
Components, primarily by program management office cybersecurity
personnel, in coordination with the Defense Contract Management
Agency's (DCMA's) Defense Industrial Base Cybersecurity Assessment Center
(DIBCAC), as part of a separately scheduled visit (e.g., for a critical
design review). High Assessments will be conducted by, or in
conjunction with, DCMA's DIBCAC. DoD may choose to conduct a Medium
Assessment or High Assessment when warranted based on the criticality
of the program(s)/technology(ies) associated with the contracted
effort(s). For example, a Medium Assessment may be initiated by a
program office who has determined that the risk associated with their
programs warrants going beyond the Basic self-assessment. The results
of that Medium Assessment may satisfy the program office or may
indicate the need for a High Assessment.
DoD Clearance Officer: Mr. Tucker Lucas. Requests for copies of the
information collection proposal should be sent to Mr. Lucas at whs.mc-alex.esd.mbx.dd-dod-information-collections@mail.mil.
Jennifer D. Johnson,
Editor/Publisher, Defense Acquisition Regulations System.
[FR Doc. 2024-11626 Filed 5-24-24; 8:45 am]
BILLING CODE 6001-FR-P