This collection
is withdrawn at the request of hte agency.
Inventory as of this Action
Requested
Previously Approved
6 Months From Approved
0
0
0
0
0
0
0
0
0
This DFARS case implements the
tracking and reporting of incursions on contractor information
technology networks that process DoD information. The purpose is to
assess the methods of loss, to better understand the impact of a
loss, to facilitate sharing and collaboration, and to standardize
procedures for tracking and reporting network intrusions.
The Office of the
Assistance Secretary of Defense for Acquisition, Technology and
Acquisition (OASD(AT&L) Defense Procurement and Acquisition
Policy (DPAP) / Defense Acquisition Regulations System (DARS) is
submitting the subject requirement for emergency review and
approval. This action is necessitated due to the increased
attention to cyber security related issues, highlighted by
legislation such as section 941, ?Reports to Department of Defense
on penetrations of networks and information systems of certain
contractors,? of the National Defense Authorization Act for Fiscal
Year 2013. Defense Federal Acquisition Regulation Supplement
(DFARS) final rule 2011-D039, entitled Safeguarding Unclassified
Controlled Technical Information implements controls to safeguard
unclassified controlled technical information and imposes new
information collection requirements on DoD contractors. This
information collection has been assigned OMB control number
0704-0478. There have previously been two public comment periods
for this final rule, in a 2010 advanced notice of proposed
rulemaking (ANPR) and a 2011 Proposed Rule. DoD has revised the
rule in response to public concerns and effectively narrowed the
rule to the minimum requirements acceptable to DoD. Absent
implementation of this final rule, DoD will continue to lack the
means to implement consistent information security controls across
DoD contracts, leading to burdensome, inconsistent requirements for
Defense contractors. This is part of DoD?s effort to enhance the
protection of DoD information. Finally, this rule also partially
implements the NDAA for FY2013 section 941 requirement to mandate
contractor reporting of information created by or for DoD that has
been potentially compromised by a penetration of a contractor
network. OUSD(AT&L) DPAP/DARS has coordinated this submission
with the OMB Clearance Officer, Ms. Patricia Toppings.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
0704-0478 Justification Statement 091913_Revised.doc
Enhanced Safeguarding and Cyber Incident Reporting of Unclassified DoD Information Within Industry