Statement of Determination

STATEMENT OF DETERMINATION

1. In accordance with 5 CFR 1320.13, the senior official or designee, of the Department of Defense (DoD) has determined that this collection of information is needed because time constraints prevent the normal approval procedures. An expedited review is required because (a) this action is essential to the mission of the agency and (b) use of normal procedures could result in potential harm to national security if controls and safeguards are not put in place to prevent further compromise of DoD information. The agency cannot reasonably comply with the normal clearance procedures under Part 1320 since such compliance would delay compliance with the statutory requirements.

2. The Office of the Assistance Secretary of Defense for Acquisition, Technology and Acquisition (OASD(AT&L) Defense Procurement and Acquisition Policy (DPAP) / Defense Acquisition Regulations System (DARS) is submitting the subject requirement for emergency review and approval. This action is necessitated due to the increased attention to cyber security related issues, highlighted by legislation such as section 941, “Reports to Department of Defense on penetrations of networks and information systems of certain contractors,” of the National Defense Authorization Act for Fiscal Year 2013. Defense Federal Acquisition Regulation Supplement (DFARS) final rule 2011-D039, entitled Safeguarding Unclassified Controlled Technical Information implements controls to safeguard unclassified controlled technical information and imposes new information collection requirements on DoD contractors. This information collection has been assigned OMB control number 0704-0478. There have previously been two public comment periods for this final rule, in a 2010 advanced notice of proposed rulemaking (ANPR) and a 2011 Proposed Rule. DoD has revised the rule in response to public concerns and effectively narrowed the rule to the minimum requirements acceptable to DoD. Absent implementation of this final rule, DoD will continue to lack the means to implement consistent information security controls across DoD contracts, leading to burdensome, inconsistent requirements for Defense contractors. This is part of DoD’s effort to enhance the protection of DoD information. Finally, this rule also partially implements the NDAA for FY2013 section 941 requirement to mandate contractor reporting of information created by or for DoD that has been potentially compromised by a penetration of a contractor network. OUSD(AT&L) DPAP/DARS has coordinated this submission with the OMB Clearance Officer, Ms. Patricia Toppings.

3. The information that is requested is the minimum necessary to comply with the statutory requirements. Another 60-day Federal Register notice will be published in the Federal Register prior to the submission of a subsequent information collection package to OMB under regular processing timeframes.