This information collection supports
voluntary cyber incident reporting from DoD contractors to DoD in
accordance with 32 Code of Federal Regulations (CFR) part 236,
“Department of Defense (DoD)-Defense Industrial Base (DIB)
Cybersecurity (CS) Activities,” which authorizes the DIB CS
program.
US Code:
10
USC 2224 Name of Law: 32 CFR 236 - DEPARTMENT OF DEFENSE
(DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY
AND
US Code: 10 USC 2224 Name of Law: 32 CFR 236
- DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB)
VOLUNTARY CYBER SECURITY AND
A change in burden estimates is
based on lessons learned for contractor cyber incident reporting,
and reflects that statutory requirements mandating cyber incident
reporting are covered under OMB control number 0704-0479, “Defense
Federal Acquisition Regulation Supplement (DFARS) Business
Systems-Definition and Administration; DFARS 234, Earned Value
Management Systems.”
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.