Assessing Contractor
Implementation of Cybersecurity Requirements
Extension without change of a currently approved collection
No
Regular
05/06/2021
Requested
Previously Approved
36 Months From Approved
05/31/2021
13,378
13,378
57,601
57,601
6,727,155
6,727,155
DoD has a requirement to collect
information from offerors and contractors regarding the status of
their implementation of implement the 110 system security
requirements identified in the National Institute of Standards and
Technology Special Publication (NIST SP) 800-171 on their
information systems that process controlled unclassified
information (CUI). This information is being collected through
either a contractor’s submission of a Basic self-assessment in
DoD’s Supplier Performance Risk System, or a Medium or High
assessment of contractors conducted by DoD assessors. Results of a
NIST SP 800-171 DoD Assessment reflect the net effect of NIST SP
800-171 security requirements not yet implemented by a
contractor.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.