National Aeronautics and Space Administration (NASA).
This final rule adopts with changes the interim rule published in the Federal Register on July 12, 2001. The interim rule amended the NASA FAR Supplement (NFS) to clarify information technology (IT) security requirements for sensitive information contained in unclassified automated information resources
July 26, 2002.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Karl Beisel, NASA Headquarters, Code HC, Washington, DC 20546, (202) 358-0416, email@example.com.End Further Info End Preamble Start Supplemental Information
NASA published an interim rule in the Federal Register at 66 FR 36490 on July 12, 2001, revising NFS section 1804.470 and the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources. These sections address security requirements for unclassified IT resources. The action implemented The Computer Security Act of 1987 and Appendix III of the Office of Management and Budget (OMB) Circular No. A-130, Security of Federal Automated Information Resources, which require adequate security be provided for all Agency information collected, processed, transmitted, stored, or disseminated. NFS section 1804.470 contains the requirement for all NASA contractors and subcontractors to comply with Federal and NASA policies in safeguarding unclassified NASA data held via information technology (IT).
Public comments were received from one source. The comments were considered in developing this final rule.
Changes are made in this final rule to section 1804.470-1, Scope, to reference Federal policies that are implemented through NASA's Procedures and Guidelines (NPG) 2810.1, Security of Information Technology, and amend paragraph (d)(3)(i) of the clause at 1852.204-76 to remove the exemption of certain information contained in Standard Form 85P, Questionnaire for Public Trust Positions.
NASA understands that the FAR Council is working with the OMB Start Printed Page 48815 Committee on Executive Branch Information Systems Security under the President's Critical Infrastructure Protection Board on the development of a government-wide IT security clause. The purpose of this work is to ensure that IT security requirements are included in all applicable Federal government contracts. Upon completion of this government-wide effort, NASA will modify its rule, as may be necessary, to ensure consistency with the FAR coverage.
This is not a significant regulatory action, and therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804
B. Regulatory Flexibility Act
NASA certifies that this rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), because this rule only clarifies existing requirements and does not impose any new requirements.
C. Paperwork Reduction Act
This rule clarifies existing requirements that were previously approved by the Office of Management and Budget (OMB) under OMB Control No. 2700-0098.Start List of Subjects
List of Subjects in 48 CFR Parts 1804 and 1852End List of Subjects Start Signature
Assistant Administrator for Procurement.
Interim Rule Adopted as Final With ChangeStart Amendment Part
Accordingly, the interim rule amendingEnd Amendment Part Start Amendment Part
1. The authority citation forEnd Amendment Part Start Part
PART 1804—ADMINISTRATIVE MATTERSEnd Part Start Amendment Part
2. Revise section 1804.470-1 to read as follows:End Amendment Part
This section implements NASA's acquisition-related aspects of Federal policies for assuring the security of unclassified automated information resources. Federal policies include, but are not limited to, the Computer Security Act of 1987 (40 U.S.C. 1441 et seq.), the Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et seq.), Public Law 106-398, section 1061, Government Information Security Reform, OMB Circular A-130, Management of Federal Information Resources, and the National Institute of Standards and Technology security guidance and standards.
PART 1852—SOLICITATION PROVISIONS AND CONTRACT CLAUSES
3. Amend section 1852.204-76 in the clause heading by removing “(JULY 2001)” and adding “(July 2002)” in its place; and in paragraph (d)(3)(i) by removing “(Information regarding financial record, question 22, and the Authorization for Release of Medical Information are not applicable)”.End Amendment Part End Supplemental Information
[FR Doc. 02-19004 Filed 7-25-02; 8:45 am]
BILLING CODE 7510-01-P