Safeguarding Covered Defense Information, Cyber Incident Reporting, and Cloud Computing

ICR 201907-0704-006

OMB: 0704-0478

Federal Form Document

Forms and Documents
Document
Name
Status
Supporting Statement A
2019-07-31
ICR Details
0704-0478 201907-0704-006
Active 201603-0704-003
DOD/DODDEP
Safeguarding Covered Defense Information, Cyber Incident Reporting, and Cloud Computing
Revision of a currently approved collection   No
Regular
Approved with change 09/20/2019
Retrieve Notice of Action (NOA) 07/31/2019
This collection is approved based on the revised materials provided by the Department.
  Inventory as of this Action Requested Previously Approved
09/30/2022 36 Months From Approved 09/30/2019
34,974 0 60,493
10,071 0 250,840
765,396 0 16,053,494

This collection implements mandatory tracking and reporting of intrusions on unclassified networks or contractor information technology systems that process DoD information or those contractors designated as providing operationally critical support. DoD is required by statute to establish programs and activities to protect DoD information and DoD information systems, including information and information systems operated and maintained by contractors or others in support of DoD activities. Offerors and contractors must report cyber incidents on unclassified networks or information systems, within cloud computing services, and when they affect contractors designated as providing operationally critical support, as required by statute.

PL: Pub.L. 112 - 239 941 Name of Law: NDAA for FY 2013
   US Code: 41 USC 1303 Name of Law: Federal Acquisition Regulatory Council
   PL: Pub.L. 113 - 291 1632 Name of Law: NDAA for FY 2015
  
None

Not associated with rulemaking

  84 FR 23532 05/22/2019
84 FR 36905 07/30/2019
Yes

1
IC Title Form No. Form Name
Safeguarding Covered Defense Information, Cyber Incident Reporting, and Cloud Computing

  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 34,974 60,493 0 0 -25,519 0
Annual Time Burden (Hours) 10,071 250,840 0 0 -240,769 0
Annual Cost Burden (Dollars) 765,396 16,053,494 0 0 -15,288,098 0
No
No
This information collection updates the existing collection approval by reducing the estimated number of DoD contractors and offerors expected to report and the associated burden hours. As a result, the total information collection public burden associated with DFARS clauses 252.204-7012, 252.204-7008, 252.239-7009, and 252.239-7010 has been changed as shown in the following table. The area of greatest decrease is for reporting of cyber incidents. Previously, the total number of cleared defense contractors (10,000) was used to project the estimated number of probable cyber incidents, and it was estimated that each of these contractors would submit five reports. The estimates for this 2019 renewal uses the actual number of reports submitted to DoD during FY 2018 via the web portal at http://dibnet.dod.mil as the baseline for the estimate.

$317,300
No
    Yes
    No
No
No
No
Uncollected
Jennifer Hawes 571 372-6115 [email protected]

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
07/31/2019


© 2024 OMB.report | Privacy Policy