This collection
is approved based on the revised materials provided by the
Department.
Inventory as of this Action
Requested
Previously Approved
09/30/2022
36 Months From Approved
09/30/2019
34,974
0
60,493
10,071
0
250,840
765,396
0
16,053,494
This collection implements mandatory
tracking and reporting of intrusions on unclassified networks or
contractor information technology systems that process DoD
information or those contractors designated as providing
operationally critical support. DoD is required by statute to
establish programs and activities to protect DoD information and
DoD information systems, including information and information
systems operated and maintained by contractors or others in support
of DoD activities. Offerors and contractors must report cyber
incidents on unclassified networks or information systems, within
cloud computing services, and when they affect contractors
designated as providing operationally critical support, as required
by statute.
This information collection
updates the existing collection approval by reducing the estimated
number of DoD contractors and offerors expected to report and the
associated burden hours. As a result, the total information
collection public burden associated with DFARS clauses
252.204-7012, 252.204-7008, 252.239-7009, and 252.239-7010 has been
changed as shown in the following table. The area of greatest
decrease is for reporting of cyber incidents. Previously, the total
number of cleared defense contractors (10,000) was used to project
the estimated number of probable cyber incidents, and it was
estimated that each of these contractors would submit five reports.
The estimates for this 2019 renewal uses the actual number of
reports submitted to DoD during FY 2018 via the web portal at
http://dibnet.dod.mil as the baseline for the estimate.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.