This collection is withdrawn at the request of hte agency.
Inventory as of this Action
Requested
Previously Approved
6 Months From Approved
0
0
0
0
0
0
0
0
0
This DFARS case implements the tracking and reporting of incursions on contractor information technology networks that process DoD information. The purpose is to assess the methods of loss, to better understand the impact of a loss, to facilitate sharing and collaboration, and to standardize procedures for tracking and reporting network intrusions.
The Office of the Assistance Secretary of Defense for Acquisition, Technology and Acquisition (OASD(AT&L) Defense Procurement and Acquisition Policy (DPAP) / Defense Acquisition Regulations System (DARS) is submitting the subject requirement for emergency review and approval. This action is necessitated due to the increased attention to cyber security related issues, highlighted by legislation such as section 941, ?Reports to Department of Defense on penetrations of networks and information systems of certain contractors,? of the National Defense Authorization Act for Fiscal Year 2013. Defense Federal Acquisition Regulation Supplement (DFARS) final rule 2011-D039, entitled Safeguarding Unclassified Controlled Technical Information implements controls to safeguard unclassified controlled technical information and imposes new information collection requirements on DoD contractors. This information collection has been assigned OMB control number 0704-0478. There have previously been two public comment periods for this final rule, in a 2010 advanced notice of proposed rulemaking (ANPR) and a 2011 Proposed Rule. DoD has revised the rule in response to public concerns and effectively narrowed the rule to the minimum requirements acceptable to DoD. Absent implementation of this final rule, DoD will continue to lack the means to implement consistent information security controls across DoD contracts, leading to burdensome, inconsistent requirements for Defense contractors. This is part of DoD?s effort to enhance the protection of DoD information. Finally, this rule also partially implements the NDAA for FY2013 section 941 requirement to mandate contractor reporting of information created by or for DoD that has been potentially compromised by a penetration of a contractor network. OUSD(AT&L) DPAP/DARS has coordinated this submission with the OMB Clearance Officer, Ms. Patricia Toppings.
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
0704-0478 Justification Statement 091913_Revised.doc
Enhanced Safeguarding and Cyber Incident Reporting of Unclassified DoD Information Within Industry