SUPPORTING STATEMENT - PART A
((Department of Defense Contract Security Classification Specification (DD Form 254)
OMB Control Number: 0704-XXXX)
1. Need for the Information Collection
Pursuant to 48 CFR, part 27, in conjunction with subpart 4.4 of the Federal Acquisition Regulation, contracting officers shall review all proposed solicitations to determine whether access to classified information may be required by offerors or by a contractor during contract performance. When access to classified information is required and the provisions of subpart 4.4 require it, the contracting officer shall insert the clause at 52.204-2, Security Requirements, in solicitations and contracts. DoD Components, those non-DoD agencies with formal agreements with DoD for industrial security services and U.S. contractors under DoD security cognizance in the National Industrial Security Program (NISP) shall use the “Contract Security Classification Specification,” DD Form 254, as an attachment to contracts, solicitations and other arrangements or agreements requiring access to classified information by U.S. contractors. This information collection is needed because the DD Form 254, with its attachments, supplements, and incorporated references, is the principal authorized means for providing security classification guidance to a contractor in connection with a classified contract.
DoD 5220.22-R “Industrial Security Regulation,” requires that Government Contracting Activities (GCAs) use the DD Form 254 to provide security classification guidance to a contractor in connection with a classified contract. The DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM) also requires that cleared U.S. prime contractors provide contract security classification specifications to their U.S. cleared subcontractors when access to classified information is required in connection with a subcontract.
2. Use of the Information
There is one information collection with associated instructions. The DD Form 254, “Contract Security Classification Specification,” is used to identify the classified areas of information involved in the classified effort and, particularly, to identify the specific items of information within these areas that require protection. DoD Components, including the Military Services, those non-DoD agencies with formal agreements with DoD for industrial security services or U.S. contractors under DoD security cognizance in the NISP provide the guidance in the body of the DD Form 254 or its attachments based on requirements levied through security classification guidance for solicitations, contracts or other agreements requiring access to classified information.
The respondent is a cleared contractor facility in the NISP under the security cognizance of the Defense Security Service (DSS), the designated Cognizant Security Office for DoD. Pursuant to security classification guidance provided by the government customer and requirements of the NISPOM, DoD 5220.22-M, the NISP contractors must provide contract security classification specifications with any solicitations, subcontracts or other agreements requiring access to classified information that they propose or award. For those contractors under DoD security cognizance, that means using the DD Form 254 for those solicitations, subcontracts or other agreements that require access to classified information.
A respondent submits completed DD Forms 254 with any attachments to the applicable subcontractor and to the DoD NISP Cognizant Security Office (i.e., DSS) for use in the evaluation and oversight of U.S. cleared contractors’ access to and safeguarding of classified information based on requirements levied by the DoD 5220.22-M, NISPOM. In the event that the Government Contracting Activity (GCAs) is a foreign government or an activity of the North Atlantic Treaty Organization, a security aspects letter serves as the equivalent of a DD Form 254 to provide security classification guidance to a contractor in connection with a classified contract.
The contractor signs a DoD Security Agreement (DD Form 441; OMB Control Number 0704-0194) which includes the following text:
“Section I Security Controls: (A) The contractor agrees to provide and maintain a system of security controls within the organization in accordance with the requirements of the “National Industrial Security Program Operating Manual,” DoD 5220.22-M… ”
“Section VI Security Costs: This Agreement does not obligate Government funds, and the Government shall not be liable for any costs or claims of the Contractor arising out of this Agreement or instructions issued hereunder. It is recognized, however, that the parties may provide in other written contracts for security costs, which may be properly chargeable thereto.”
Respondents may also electronically complete and submit the DD Form 254 with attachments to the servicing DSS field office through the NISP Contracts Classification System (NCCS). NCCS is as an Enterprise Federal information system application that supports DoD and other Federal Agencies in the NISP by facilitating the processing and distribution of contract security classification specifications (DD Forms 254). NCCS is in the initial phases of deployment and is available as an application on the Wide Area Workflow E-Business Suite. Respondents can register for, and request access to, NCCS at: https://wawf.eb.mil/.
3. Use of Information Technology
Seventy-five percent of respondents electronically complete and submit DD Forms 254 with attachments to the servicing field offices of DSS, the DoD designated NISP Cognizant Security Office. Electronic submissions are considered those submitted by facsimile or those scanned and sent via email to the servicing DSS field office. The remaining twenty-five percent choose to print out the DD Form 254 and mail the completed document with any attachments to the servicing DSS field office for the U.S. contractor identified in the information collection.
DoD expects the percentage of electronic submissions via facsimile or email to be replaced as respondents begin to electronically complete and submit the DD Form 254 with attachments to the servicing DSS field office through the NCCS. NCCS is as an Enterprise Federal information system application that supports DoD and other Federal Agencies in the NISP by facilitating the processing and distribution of contract security classification specifications (DD Forms 254). NCCS is in the initial phases of deployment and is available as an application on the Wide Area Workflow E-Business Suite. Respondents can register for, and request access to, NCCS at: https://wawf.eb.mil/. The burden for the NCCS is not included in this iteration of the submission to OMB, and will be included as a revision to the collection at a later date once deployment is complete.
4. Non-duplication
The information obtained through this collection is unique and is not already available for use or adaptation from another cleared source.
5. Burden on Small Businesses
This information collection does not impose a significant economic impact on a substantial number of small businesses or entities.
6. Less Frequent Collection
The frequency of record-keeping or reporting is “on occasion” for the DD Form 254 because it is an attachment to contracts, solicitations and other arrangements or agreements requiring access to classified information by U.S. contractors. If requirements for the protection of classified information associated with a contract, solicitation or other arrangement change, then the Government Contracting Activity or a prime contractor would revise and then submit the revised DD Form 254 to the subcontractor with a copy to Defense Security Service (DSS). Without collection of this information, DoD, and its designated NISP Cognizant Security Office (i.e., DSS), would be unable to exercise effective oversight of the protection of classified information in the hands of cleared contractors in the NISP. If collections were stopped, DoD’s ability to assure protection of classified information released or disclosed to cleared contractors in the NISP and to preclude compromise of classified information and potential harm to the national security would cease.
7. Paperwork Reduction Act Guidelines
This collection of information does not require collection to be conducted in a manner inconsistent with the guidelines delineated in 5 CFR 1320.5(d)(2).
8. Consultation and Public Comments
Part A: PUBLIC NOTICE
There were two 60-Day Federal Register Notices and one 30 day Federal Register notice for this collection. The first 60-Day FRN at 80 FRN 72714 published on Friday, November 20, 2015. The public comment period closed on January 19, 2016. The second 60-Day FRN at 82 FRN 13315 published on March 10, 2017. The public comment period closed on May, 9, 2017. No comments were received during the second 60-Day Comment Period. The 30 day FRN at 82 FRN 29279 published on June 28, 2017. The public comment period closed on July 28, 2017.
Eight commenters provided a total of thirty-seven comments during the first 60 day public comment period. The comments are included below in the order that the commenters addressed the sequence of points in the information collection, as well as our Agency’s response to each comment. A detailed comments matrix has also been provided as part of this submission.
All commenters in general supported the information collection; but proposed revisions for clarity or accuracy as well as user-friendly options for application in the automated NCCS.
In addition to the instructions with this information collection, DoD Components and those non-DoD agencies with which DoD has agreements to provide industrial security services comply with guidance on completion of a contract security classification specification (i.e., DD form 254) set forth in the DoD 5220.22-R, “DoD Industrial Security Regulation”. Cleared contractors under DoD’s NISP security cognizance also comply with guidance on completion of a contract security classification specification as an overarching requirement from the Executive Branch to cleared contractors as set forth in the DoD 5220.22-M (NISPOM).
DoD has provided DSS, the office of primary responsibility for NCCS, with the six comments that recommended automated application for user friendliness for its considerations.
We accepted one editorial comment for a subsection of item 1a(7). We did not accept a comment to add period of performance because that information is elsewhere in the overall contract. In response to one comment, we revised item 3b(3) to include a reminder that there should be a review of classification requirements at least biennially. We clarified item 4 in the instructions based on one comment that indicated that an itemization for every follow-on contract of material or influence authorized for transfer is administratively burdensome. Item 4 in the instructions now explains that either all classified material or information associated with the contract is authorized to be transferred to the contract number cited in item 2a, or, specifying a list of material or information to be transferred in item 13 of the DD Form 254. We did not accept one comment to add associate contractor in item 8 because the NISPOM does not use that term. Based on one comment, we corrected the subparagraphs for item 5 in the instructions since it pertains only to those instances when the classified contract has been completed at which time the Government Contracting Activity (GCA) would have to provide a retention period and final disposition instructions for the classified material from the now completed contract.
One comment asked how to distribute a classified DD Form 254 if the contractor did not have classified connections to a GCA. We considered that comment a question of implementation and did not revise the instructions. The NISPOM provides guidance on safeguarding and transmission of classified information to contractors.
The primary purpose of the DD Form 254 is for contracts requiring access to classified information, thus we did not accept a comment for item 10j asking if it could be used, or required, for unclassified contracts.
One comment recommended that the information collection include an option for facilities that host an Intelligence Community accredited sensitive compartmented information facility but do not have a DoD-granted facility security clearance (FCL). We did not accept that comment since the primary purpose of the DD Form 254 is based on cleared contractors with a DoD-granted FCL. We revised the information collection to state ISFD or its successor since one comment noted that there are plans for the eventual successor information system for FCLs at DSS. We added clarification in the description of an FCL as requested in one comment to make it clear that the information collection should include the highest level of classified information to which a contractor’s employees require access for performance.
One comment recommended removal of the text in the instructions that explains that a security aspects letter should be issued instead of a DD Form 254 to foreign contractors as they are not bound by the DoD 5220.22-M, NISPOM. Based on periodic questions received, we retained that text as a needed reminder to issue a security aspects letter instead of a DD Form 254 when a classified contract involves performance by a foreign contractor. We provided additional clarity in response to 3 comments as to where to find identifying information for the appropriate DSS field office or classified mailing addresses for contractors. Based on one comment, we revised text to provide more security conscious wording when referring to a separate classified description of the procurement with the DD Form 254. We revised the DD Form 254 and instructions to include the option for access to either Sensitive Compartmented Information (SCI) or non-SCI intelligence information when required for performance.
We accepted one comment that recommended using “requires” instead of “required” in item 10a(6). Since the definition of foreign government information (FGI) is already included in item 10h(3), we did not add that FGI may include unclassified information as one commenter recommended. We revised item 10j and item 11L in the instructions to clarify that controlled unclassified information (CUI) should only be selected if the contract requires access to classified information and also includes a requirement for access to CUI, in accordance with Government Contracting Activity (GCA) specific guidance. In response to one comment, we removed “For Official Use Only (FOUO)” as an example in one of the instructions as no longer needed. We continued to include the term “material” in item 11c of the instructions as that term covers any product or substance on which information is embedded while one commenter had recommended that we instead use the term “hardware.”
In response to two comments about supplemental protection in item 2a(3) and item 11e(3)(c) about “guard services,” we revised the text in the instructions to refer to compliance with any DoD 5220.22-M (NISPOM) requirements about supplemental protection. We revised the instructions in item 11J about operational security (OPSEC) to make it clear that a GCA must identify pertinent contract clauses with sufficient information and guidance if the GCA adds OPSEC requirements outside of the standard NISPOM requirements. A user will be able to add text in the fillable PDF version of the DD Form 254 when the information collection is approved and published as two comments raised questions that item 12 for public release authority did not seem to allow for adding text or have sufficient space to do so, respectively. In addition, we clarified the instructions for item 12 to include a requirement for the public release authority to provide its office and phone contact information and if available, email address.
In response to one comment, we revised item 13(6)(f) to clarify that the GCA should assure that it provides specific classification guidance to the contractor. In addition, the GCA does not extract sections of the NISPOM (DoD 5220.2-M) in the DD Form 254 since the NISPOM does not provide classification guidance; but instead provides general guidance on marking of documents derivatively, classification, downgrading and declassification and procedures for classified information. We agreed with one comment that we should remove “or its supplements” in item 14 of the instructions since the NISPOM Supplement is above the standard NISPOM requirements. Since item 13 of the DD Form 254 includes additional ability for signatures, we did not agree with the comment to add another signature block for a GCA in item 16. We think that the explanation of an Activity Address Code (AAC) issued by the General Services Administration to a GCA in item 16b and item 17d is clear and did not change it based on a comment which asked if it is the same type of code as one used in the DoD personnel security system of record.
One commenter provided two comments during the 30 day public comment period. In response to one of the comments, we added a new “c” under “Description” on the first page of the instructions top left corner explaining that a contract itself includes the ending period of performance, including delivery or other requirements. The DD Form 254 is an attachment to the contract and does not include the contract expiration date. Putting the schedule or period of performance in two places creates a probability that a change in one place will not be repeated in the other, and thus could create confusion about whether the security requirements for the contract are current with the current schedule or period of performance. We accepted the second comment by revising item 10k, “Other” on page 6 of 12 of the instructions to have the header at (2) read: Access requirements other than those identified at items 10a through 10j. We also added “(including any that will have to be included in the DoD personnel security system of record for an individual performing on the contract)” after “and ensure accesses.”
Part B: CONSULTATION
DoD, one of the five National Industrial Security Program (NISP) Cognizant Security Agencies, consulted informally with an ad hoc working group of the NISP Policy Advisory Committee (NISPPAC) chaired by the Director of the Information Security Oversight Office of the National Archives and Records Administration about the DD form 254 information collection and its instructions. The NISPPAC is comprised of both government and industry representatives. In addition, DoD Components provided informal feedback on this information collection during periodic Defense Security Oversight and Assessment Program visits. DoD Components also provided formal feedback on this information collection through the DoD internal forms coordination process.
9. Gifts or Payment
No payments or gifts are being offered to respondents as an incentive to participate in the collection.
10. Confidentiality
A Privacy Act Statement is not required for this collection because we are not requesting individuals to furnish personal information for a system of records.
A System of Record Notice (SORN) is not required for this collection because records are not retrievable by PII.
A Privacy Impact Assessment (PIA) is not required for this collection because PII is not being collected electronically.
Records Retention and Disposition Schedule: For U.S. Government agencies, refer to the National Archives and Records Administration General Records Schedule 1.1 (Financial Management and Reporting Records) for the disposition of the DD Form 254 with its related contract file. See www.archives.gov/records-mgmt/grs.html .
11. Sensitive Questions
No questions considered sensitive are being asked in this collection.
12. Respondent Burden and its Labor Costs
a. Estimation of Respondent Burden
1. Department of Defense Contract Security Classification Specification
(DD Form 254)
a. Number of Respondents: 3,211
b. Number of Responses Per Respondent: 10.13
c. Number of Total Annual Responses: 32,527.43*
d. Response Time: 70 minutes
e. Respondent Burden Hours: 37,948.67 hours
2. Total Submission Burden (Summation or average based on collection)
a. Total Number of Respondents: 3,211
b. Total Number of Annual Responses: 32,527.43
c. Total Respondent Burden Hours: 37,948.67 hours
b. Labor Cost of Respondent Burden
1. Department of Defense Contract Security Classification Specification
(DD Form 254)
a. Number of Total Annual Responses: 32,527.43
b. Response Time: 70 minutes
c. Respondent Hourly Wage: $40.36 (~$.671 per minute)**
d. Labor Burden per Response: $47.08
e. Total Labor Burden: $1,531,391.40
2. Overall Labor Burden
a. Total Number of Annual Responses for 3,211 Respondents: 32,527.43
b. Total Labor Burden: $1,531,391.40
* Total number of responses (32,527.43) is based on the estimated number of classified subcontracts awarded by prime contractor annually, not including any subcontracts for which DSS does not have security cognizance/oversight (e.g., special access programs for which DSS does not have such security cognizance or sensitive compartmented information for which DSS also does not have security cognizance).
**Hourly wage for respondent is based on the approximate salary of a GS-12, Step 4 in the Washington, D.C., Maryland and Virginia metropolitan area (effective January 2015): ($40.36) rate per hour)/60 minutes=$.671 (rate per minute)
13. Respondent Costs Other Than Burden Hour Costs
There are no annualized costs to respondents other than the labor burden costs addressed in Section 12 of this document to complete this collection.
14. Cost to the Federal Government
a.
Labor Cost to the Federal Government
1. Department of Defense Contract Security Classification Specification
(DD Form 254
a. Number of Total Annual Responses: 32,527.43
b. Processing Time per Response: .5 hours
c. Hourly Wage of Worker(s) Processing Responses: $40.36*
d. Cost to Process Each Response: $20.18**
e. Total Cost to Process Responses: $656,403.54
2. Overall Labor Burden to Federal Government
a. Total Number of Annual Responses: 32,527.43
b. Total Labor Burden: $656,403.54
b. Operational and Maintenance Costs
Equipment: $0
Printing: $0
Postage: $0
Software Purchases: $0
Licensing Costs: $0
Other: $0
g. Total: $0
1. Total Operational and Maintenance Costs: $0
2. Total Labor Cost to the Federal Government: $656,403.54
3. Total Cost to the Federal Government: $656,403.54
*Cost to federal government is based on the approximate salary of a GS-12, Step 4 in the Washington, D.C., Maryland and Virginia metropolitan area (effective January 2015): ($40.36) rate per hour)/60 minutes=$.671 (rate per minute)
** Cost to federal government represents the initial review by a government employee (Industrial Security Representative for completeness for a DD Form 254 from a prime contractor to a subcontractor.
15. Reasons for Change in Burden
This is an existing collection currently in use without an OMB Control Number.
16. Publication of Results
The results of this information collection will not be published.
17. Non-Display of OMB Expiration Date
We are not seeking approval to omit the display of the expiration date of the OMB approval on the collection instrument.
18. Exceptions to “Certification for Paperwork Reduction Submissions”
We are not requesting any exemptions to the provisions stated in 5 CFR 1320.9.
Version 1.1 – Effective 11/1/2016
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Kaitlin Chiarelli |
File Modified | 0000-00-00 |
File Created | 2021-01-22 |