Part 1239 Clauses
1252.239-76; 1252-239-77; 1252-239-80; 1252-239-83; 1252-239-85;
and 1252-239-88.
New
collection (Request for a new OMB Control Number)
No
Regular
02/03/2022
Requested
Previously Approved
36 Months From Approved
534
0
338
0
11,221
0
As a result of proposed rule, RIN
2105-AE26: Streamline and Update the Department of Transportation
Acquisition Regulation posted to the Federal Register, 86FR69452,
on December 7, 2021, TAR Case 2020-001, this is a request from the
Department of Transportation (DOT) for OMB approval of a new
Information Collection (IC). Under Public Law 113-283, Federal
Information Security Modernization Act of 2014, each agency of the
Federal Government must provide security for the information and
information systems that support the operations and assets of the
agency, including those provided or managed by another agency,
contractor, or other source. In order for DOT to comply with Public
Law 113-283, Federal Information Security Modernization Act of
2014, DOT developed the following clauses: • 1252.239-76, Cloud
Computing Services. • 1252.239-77, Data Jurisdiction. •
1252.239-80, Audit Record Retention for Cloud Service Providers. •
1252.239-83, Incident Reporting Timeframes. • 1252.239-85,
Personnel Screening—Background Investigations. • 1252.239-88,
Security Alerts, Advisories, and Directives. These clauses contain
the following information collection requirements from the public:
1252.239-76, Cloud Computing Services: • Notification of new or
unanticipated threats or hazards, or if existing safeguards have
ceased to function • Providing results of vendor-conducted scans or
audits • Cyber incident reporting and assessment • Malicious
software submittal • Media images of known information systems and
relevant monitoring / packet capture data 1252.239-77, Data
Jurisdiction: • Identifying all data centers that data at rest or
data back-up resides, including primary and replicated storage
1252.239-80, Audit Record Retention for Cloud Service Providers: •
Transfer of permanent records to NARA or deletion of temporary
records and reporting of same 1252.239-83, Incident Reporting
Timeframes: • Cyber incident reporting 1252.239-85, Personnel
Screening—Background Investigations: • Furnish documentation
reflecting favorable adjudication of background investigations
1252.239-88, Security Alerts, Advisories, and Directives: • Provide
list of personnel assigned system administration, monitoring, and /
or security responsibilities and designated to receive security
alerts, advisories, and directives and those personnel responsible
for implementation of remedial actions associated with
them
PL:
Pub.L. 113 - 283 1 Name of Law: Federal Information Security
Modernization Act of 2014
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
2105-XXXX SS for DOT TAR Group 4 AE26 - 1252.239-76,77,80,83,85,88 -PR 86FR69452 31JAN2022.docx
Part 1239 Clauses 1252.239-76; 1252-239-77; 1252-239-80; 1252-239-83; 1252-239-85; and 1252-239-88