SUPPORTING STATEMENT - PART A
Certificate Pertaining to Foreign Interest – 0704-0579
Summary of Changes from Previously Approved Collection
|
1. Need for the Information Collection
This information collection requirement is necessary to support the execution of 32 C.F.R. Part 117, “National Industrial Security Program (NISPOM),” dated December 21, 2020 or equivalent. Executive Order (EO) 12829, as amended, “National Industrial Security Program (NISP)”, Section 202 (a) stipulates that the Secretary of Defense serves as the Executive Agent for inspecting and monitoring the contractors, licensees, and grantees who require or will require access to, or who store or will store classified information; and for determining eligibility for access to classified information of contractors, licensees, and grantees and their respective employees. Section 202 (e) also authorizes the Executive Agent to issue, after consultation with affected agencies, standard forms that will promote the implementation of the NISP.
Executive Order 12829 was amended by Executive Order 13691, adding the Secretary of Homeland Security as the fifth Cognizant Security Agency. Section 202 (d) of E. O. 12829 stipulates that the Secretary of Homeland Security may determine the eligibility for access to Classified National Security Information of contractors, licensees and grantees and their respective employees under a designated critical infrastructure protection program, including parties to agreements with such programs. The Secretary of Homeland Security also may inspect and monitor the contractors, grantees or licensees and facilities or may enter into written agreements with the Secretary of Defense, as Executive Agent or with the office of the Director of Intelligence/Director of Central Intelligence Agency to inspect and monitor these programs in whole or in part on behalf of the Secretary of Homeland Security. The specific requirements necessary to protect classified information released to private industry are found in 32 C.F.R. Part 117, “National Industrial Security Program (NISPOM),” (Part 117) dated December 21, 2020 or equivalent; DoD Industrial Security Regulation, DoD 5220. 22-R, as amend by DoD 5220.22- NISP Volume 3, “National Industrial Security Program: Procedures for Government Activities Relating to Foreign Ownership, Control or Influence (FOCI), dated April 17, 2014. The SF 328 incorporates its usage for the NISP portion of the Classified Critical Infrastructure Protection Program as stipulated under EO 12829, as amended by Executive Order 13691. The SF 328 is also used for the DoD’s Innovation initiative through the DoD Enhanced Security Program (DESP), pursuant to section 951 of Public Law 114-328 (10 USC 1564 note). The DESP is a DoD only initiative and is not part of the NISP. Companies participating under the DESP do not require a DoD contract, but are required to enter into a Memorandum of Agreement. Completion of the SF 328 and submission of supporting documentation (e.g., company or entity charter documents, board meeting minutes, stock or securities information, descriptions of organizational structures, contracts, sales, leases and/or loan agreements and revenue documents, annual reports and income statements, etc.) is part of the eligibility determination for access to classified information and/or issuance of an Entity Eligibility Determination (also known as a Facility Security Clearance).
The National Defense Authorization Act for Fiscal Year 2020, Public Law 116-92, Section 847, “Mitigating Risks Related to Foreign Ownership, Control, or Influence of Department of Defense Contractors or Subcontractors” (Sec. 847), requires the Secretary for Defense to improve the process and procedures for the assessment and mitigation of risks related to FOCI of contractors and subcontractors doing business with the DoD, in conjunction with the Departments efforts to develop and implement an improved analytical framework for mitigating risk relating to ownership structure, as required by 10 U.S.C. 2509 and Section 847 of Public Law 116-92. To fulfill the requirements of Sec. 847, contractors and subcontractors must disclose to DCSA their beneficial ownership and whether they are under FOCI, and to update those disclosures when changes occur to information previously provided, similar and consistent with the requirements of the NISP. DCSA intends to utilize the SF-328 as the basic information collection tool for contractors to disclose their FOCI and beneficial ownership, and to report any future changes. DoD will submit a revision request under this OMB Control Number in 2022 once the revised SF 328, including the Sec. 847 requirement, has completed necessary coordination.
2. Use of the Information
Contractor, licensee, and grantee business entities (collectively called “contractors” for the purpose of this document) performing on contracts involving access to classified information must have an Entity Eligibility Determination (also known as a Facility Security Clearance (FCL)) in accordance with the NISP. A contractor may be sponsored for an Entity Eligibility Determination by a Government Contracting Activity (GCA) or a cleared contractor in accordance with the terms of their contract and Part 117. Contractors requiring an Entity Eligibility Determination, contractors performing on a Cooperative Research and Development Agreement (CRADA) under the Department of Homeland Security (DHS) Classified Critical Infrastructure Protection Program (CCIPP), or contractors who have entered into a Memorandum of Agreement with the Department of Defense (DoD) under the Defense Enhanced Security Program (DESP) must provide business information and documentation used to determine their eligibility for participation in these programs.
For DoD (the NISP, DESP), after approving the GCA or cleared contractor’s sponsorship request, the DCSA Facility Clearance Branch (FCB) registers the contractor in the National Industrial Security System (NISS) database (NISP and DESP) or other database and provides them with a welcome package outlining process and business information, and documentation submission requirements. A NISS or other database account is issued to the contractor’s Facility Security Officer (FSO) or relevant representative. In order to evaluate a contractor’s eligibility for participation in the NISP or the DESP, DoD Standard Form 328 (SF-328) must be completed and submitted by the contractor’s FSO or other representative in NISS or other database to certify elements of FOCI as stipulated in Part 117.9 and Part 117.11. In addition, the highest excluded U.S. parent in a contractor’s organization must submit a separate consolidated SF-328, which consolidates all of the organization’s responses from the entity immediately above the contractor seeking eligibility to the highest excluded U.S. parent. The Agency Disclosure Notice (ADN) is located on the SF-328. Completion of the SF-328 and other forms is voluntary; however, the contractor’s eligibility for participation in these programs cannot be assessed if the forms are not completed. Completed SF-328s will be reviewed and triaged by FCB for completeness and identification of FOCI factors. When FOCI factors exist the contractor’s submission will be reviewed by relevant DCSA analytic elements, including the Business Analysis Unit (BAU) and the Threat Integration Branch (TIB). If there exists a level of FOCI that makes the contractor ineligible if left unmitigated the DCSA Mitigation Strategy Unit (MSU) will devise an appropriate mitigation strategy, if any, to mitigate or negate the FOCI to an acceptable level.
The completion and signing of these forms does not guarantee the award of a contract, issuance of an Entity Eligibility Determination, or access to classified information under the NISP or DESP, nor does it obligate the government to provide any type of compensation or benefit to the contractor. Eligibility for participation in these programs may be withdrawn or terminated if the contractor is not actively participating in the program or does not maintain compliance with program requirements. If eligibility is withdrawn, the contractor may be required to update and resubmit these documents and forms to reapply if a future need arises. Documents and forms must be updated and resubmitted for the duration of the contractor’s active eligibility whenever the contractor has a material change to report.
3. Use of Information Technology
100% of responses collected for this requirement will be done electronically through an approved systems of record for each Department or Agency utilizing the SF-328 to execute its responsibilities under the law. DCSA uses the National Industrial Security System (NISS, OMB Control Number 0705-0006) to collect SF-328 responses.
4. Non-duplication
The information obtained through this collection is unique and is not already available for use or adaptation from another cleared source.
5. Burden on Small Businesses
This information collection does not impose a significant economic impact on a substantial number of small businesses or entities.
6. Less Frequent Collection
The Respondent will submit the SF 328 upon initial entry into the NISP or DESP. In addition, the Respondent will submit an updated SF 328 as required to report material changes that might affect a Department or Agency’s initial determination of FOCI and beneficial ownership. If collection was conducted less frequently the requirements of the NISP or DESP would be unfulfilled. Each authority requires a Respondent to provide updated responses concerning its FOCI when material changes occur.
7. Paperwork Reduction Act Guidelines
This collection of information does not require collection to be conducted in a manner inconsistent with the guidelines delineated in 5 CFR 1320.5(d)(2).
8. Consultation and Public Comments
Part A: PUBLIC NOTICE
A 60-Day Federal Register Notice for the collection published on Wednesday, August 25, 2021. The 60-Day FRN citation is 86 FR 47481.
No comments were received during the 60-Day Comment Period.
A 30-Day Federal Register Notice for the collection published on Friday, January 14, 2022. The 30-Day FRN citation is 87 FR 2422 .
Part B: CONSULTATION
DCSA is continuously consulting with the other NISP Cognizant Security Agencies and Offices, the Information Security Oversight Office, OUSD(I&S), OUSD(A&S), OUSD(R&E), the Military Departments, and the National Industrial Security Program Policy Advisory Committee (NISPPAC) (industry participates on the NISPPAC).
9. Gifts or Payment
No payments or gifts are being offered to respondents as an incentive to participate in the collection.
10. Confidentiality
A Privacy Act Statement is not required for this collection because we are not requesting individuals to furnish personal information for a system of records.
A System of Record Notice (SORN) is not required for this collection because records are not retrievable by PII.
A Privacy Impact Assessment (PIA) is not required for this collection because PII is not being collected electronically.
Contractors posting documents in the National Industrial Security System (NISS) are advised of the following:
“This is an official U.S. Government (USG) Information System (IS) for authorized use only.
Do not Discuss, Enter, Transfer, Process, or Transmit Classified/Sensitive National Security information of greater sensitivity than that for which this system is authorized. Use of this system constitutes consent to security testing and monitoring. All individuals are advised that system administrators may provide evidence of possible criminal activity identified during such monitoring to appropriate law enforcement officials. Unauthorized attempts to upload, download or change information is strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1987, the National Information Infrastructure Protection Act of 1996, and United States Code Title 18, Section 1030. Under the Privacy Act of 1974, individuals with access to NISS must safeguard personnel information retrieved through this system. Disclosure of information is governed by Title 5, United State Code, Section 552a, Public Law 93-579, DoDD 5400.11-R and the applicable service directives. Information contained herein is exempt from mandatory disclosure under FOIA. Exemption(s) 6 and 7c apply.”
Responses to some of the questions on the SF 328 may reveal company proprietary or commercial confidential information. When the SF 328 is offered in confidence and so marked by the contractor, the SF 328 advises the contractor under the “Provision” section of the form that applicable exemptions of the Freedom of Information Act will be invoked to withhold it from public disclosure.
Records Schedule Number is DAA-0446-2017-0001. Hard copy printouts are destroyed when no longer needed. Electronic files that are part of facility security clearances (FCLs) are destroyed when no longer needed.
11. Sensitive Questions
No questions considered sensitive are being asked in this collection.
12. Respondent Burden and its Labor Costs
Part A: ESTIMATION OF RESPONDENT BURDEN
Collection Instrument(s)
SF-328: Certificate Pertaining to Foreign Interests
Number of Respondents: 2,650 (2,000 NISP; 150 DESP; 500 Highest Excluded U.S. Parent)
Number of Responses Per Respondent: 1
Number of Total Annual Responses: 2,650
Response Time: 70 minutes
Respondent Burden Hours: 3,092 hours
Total Submission Burden (Summation or average based on collection)
Total Number of Respondents: 2,650
Total Number of Annual Responses: 2,650
Total Respondent Burden Hours: 3,092 hours
Part B: LABOR COST OF RESPONDENT BURDEN
Collection Instrument(s)
SF-328: Certificate Pertaining to Foreign Interests
Number of Total Annual Responses: 2,650
Response Time: 70 minutes
Respondent Hourly Wage: $61.03
Labor Burden per Response: $71.20
Total Labor Burden: $188,684
Overall Labor Burden
Total Number of Annual Responses: 2,650
Total Labor Burden: $188,684
The Respondent hourly wage was determined by using the U.S. Bureau of Labor Statistics Wage Statistics Website at https://www.bls.gov/oes/current/oes_nat.htm. The selection made was for 23-1011, Lawyers, median hourly wage of $61.03. The individuals that fill out this information are typically the Facility Security Officer (no specific line found but estimated to make less than selection), Compliance Officer (13-1041 and makes $34.18 as a median hourly wage), Chief Financial Officer (no specific line found but 11-3031, Financial Managers make $64.51 as a median hourly wage), or Chief Executive Officer (11-1011 and makes $89.40 as a median hourly wage).
13. Respondent Costs Other Than Burden Hour Costs
There are no annualized costs to respondents other than the labor burden costs addressed in Section 12 of this document to complete this collection.
14. Cost to the Federal Government
Part A: LABOR COST TO THE FEDERAL GOVERNMENT
Collection Instrument(s)
SF-328: Certificate Pertaining to Foreign Interests
Number of Total Annual Responses: 2,650
Processing Time per Response: 229 minutes
Hourly Wage of Worker(s) Processing Responses: $49.85
Cost to Process Each Response: $190.26
Total Cost to Process Responses: $504,191
Overall Labor Burden to the Federal Government
Total Number of Annual Responses: 2,650
Total Labor Burden: $504,191
Part B: OPERATIONAL AND MAINTENANCE COSTS
Cost Categories
Equipment: $0
Printing: $0
Postage: $0
Software Purchases: $0
Licensing Costs: $0
Other: $0
Total Operational and Maintenance Cost: $0
Part C: TOTAL COST TO THE FEDERAL GOVERNMENT
Total Labor Cost to the Federal Government: $504,191
Total Operational and Maintenance Costs: $0
Total Cost to the Federal Government: $504,191
15. Reasons for Change in Burden
The burden has increased since the previous approval due to increased FOCI within the Defense Industrial Base and more companies entering the Defense Industrial Base.
16. Publication of Results
The results of this information collection will not be published.
17. Non-Display of OMB Expiration Date
We are not seeking approval to omit the display of the expiration date of the OMB approval on the collection instrument.
18. Exceptions to “Certification for Paperwork Reduction Submissions”
We are not requesting any exemptions to the provisions stated in 5 CFR 1320.9.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Kaitlin Chiarelli |
| File Modified | 0000-00-00 |
| File Created | 2022-01-21 |