Skip to Content


Security Requirements for Unclassified Information Technology Resources

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


National Aeronautics and Space Administration (NASA).


Final rule.


This final rule adopts with changes the interim rule published in the Federal Register on July 12, 2001. The interim rule amended the NASA FAR Supplement (NFS) to clarify information technology (IT) security requirements for sensitive information contained in unclassified automated information resources


July 26, 2002.

Start Further Info


Karl Beisel, NASA Headquarters, Code HC, Washington, DC 20546, (202) 358-0416,

End Further Info End Preamble Start Supplemental Information


A. Background

NASA published an interim rule in the Federal Register at 66 FR 36490 on July 12, 2001, revising NFS section 1804.470 and the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources. These sections address security requirements for unclassified IT resources. The action implemented The Computer Security Act of 1987 and Appendix III of the Office of Management and Budget (OMB) Circular No. A-130, Security of Federal Automated Information Resources, which require adequate security be provided for all Agency information collected, processed, transmitted, stored, or disseminated. NFS section 1804.470 contains the requirement for all NASA contractors and subcontractors to comply with Federal and NASA policies in safeguarding unclassified NASA data held via information technology (IT).

Public comments were received from one source. The comments were considered in developing this final rule.

Changes are made in this final rule to section 1804.470-1, Scope, to reference Federal policies that are implemented through NASA's Procedures and Guidelines (NPG) 2810.1, Security of Information Technology, and amend paragraph (d)(3)(i) of the clause at 1852.204-76 to remove the exemption of certain information contained in Standard Form 85P, Questionnaire for Public Trust Positions.

NASA understands that the FAR Council is working with the OMB Start Printed Page 48815 Committee on Executive Branch Information Systems Security under the President's Critical Infrastructure Protection Board on the development of a government-wide IT security clause. The purpose of this work is to ensure that IT security requirements are included in all applicable Federal government contracts. Upon completion of this government-wide effort, NASA will modify its rule, as may be necessary, to ensure consistency with the FAR coverage.

This is not a significant regulatory action, and therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804

B. Regulatory Flexibility Act

NASA certifies that this rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), because this rule only clarifies existing requirements and does not impose any new requirements.

C. Paperwork Reduction Act

This rule clarifies existing requirements that were previously approved by the Office of Management and Budget (OMB) under OMB Control No. 2700-0098.

Start List of Subjects

List of Subjects in 48 CFR Parts 1804 and 1852

  • Government Procurement
End List of Subjects Start Signature

Tom Luedtke,

Assistant Administrator for Procurement.

End Signature

Interim Rule Adopted as Final With Change

Start Amendment Part

Accordingly, the interim rule amending 48 CFR parts 1804 and 1852, published at 66 FR 36492 on July 12, 2001, is adopted as final with the following changes:

End Amendment Part Start Amendment Part

1. The authority citation for 48 CFR parts 1804 and 1852 continues to read as follows:

End Amendment Part Start Authority

Authority: 42 U.S.C. 2473(c)(1).

End Authority Start Part


End Part Start Amendment Part

2. Revise section 1804.470-1 to read as follows:

End Amendment Part

This section implements NASA's acquisition-related aspects of Federal policies for assuring the security of unclassified automated information resources. Federal policies include, but are not limited to, the Computer Security Act of 1987 (40 U.S.C. 1441 et seq.), the Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et seq.), Public Law 106-398, section 1061, Government Information Security Reform, OMB Circular A-130, Management of Federal Information Resources, and the National Institute of Standards and Technology security guidance and standards.

Start Part


End Part Start Amendment Part

3. Amend section 1852.204-76 in the clause heading by removing “(JULY 2001)” and adding “(July 2002)” in its place; and in paragraph (d)(3)(i) by removing “(Information regarding financial record, question 22, and the Authorization for Release of Medical Information are not applicable)”.

End Amendment Part End Supplemental Information

[FR Doc. 02-19004 Filed 7-25-02; 8:45 am]