Grant and Cooperative Agreement Handbook: Unclassified information technology resources; security requirements,
[Federal Register: December 4, 2002 (Volume 67, Number 233)]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION
14 CFR Part 1260
NASA Grant and Cooperative Agreement Handbook--Security Requirements for Unclassified Information Technology Resources
AGENCY: National Aeronautics and Space Administration.
ACTION: Proposed rule.
SUMMARY: This is a proposed rule to amend the NASA Grant and Cooperative Agreement Handbook to require recipients of grants and cooperative agreements to provide adequate security for all Agency information collected, processed, transmitted, stored, or disseminated through information technology. This would extend the coverage applicable to NASA contractors to recipients of grants and cooperative agreements.
DATES: Comments should be submitted on or before February 3, 2003.
ADDRESSES: Interested parties should submit written comments to Paul Brundage, NASA Headquarters, Office of Procurement, Analysis Division (Code HC), Washington, DC 20546. Comments may also be submitted by email to: firstname.lastname@example.org.
FOR FURTHER INFORMATION CONTACT: Paul Brundage, NASA Headquarters, Code HC, Washington, DC (202) 358-0481, e-mail: email@example.com.
The Computer Security Act of 1987 and Appendix III of the Office of Management and Budget (OMB) Circular No. A-130, Security of Federal Automated Information Resources, require that adequate security be provided for all Agency information collected, processed, transmitted, stored, or disseminated. The NASA FAR Supplement (NFS) Part 1804 contains the requirement for all NASA contractors to comply with Federal and NASA policies in safeguarding unclassified NASA data held via information technology (IT). This change would establish comparable coverage for grants and cooperative agreements.
This is not a significant regulatory action, and therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804.
Regulatory Flexibility Act
NASA certifies that this proposed rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601 et seq., because the changes will affect an insignificant number of grants and cooperative agreements.
Paperwork Reduction Act
An Office of Management and Budget (OMB) approval for data collection has previously been approved under OMB Control No. 2700- 0098.
List of Subjects in 14 CFR Part 1260
Grant Programs--Science and Technology.
Tom Luedtke, Assistant Administrator for Procurement.
Accordingly, 14 CFR Part 1260 is proposed to be amended as follows:
The authority citation for 14 CFR 1260 continues to read as follows:
Authority: 42 U.S.C. 2473(c)(1), Pub. L. 97-258, 96 Stat. 1003 (31 U.S.C. 6301, et seq.), and OMB Circular A-110.
PART 1260--GRANTS AND COOPERATIVE AGREEMENTS
Amend section 1260.50 by adding paragraph (f) to read as follows:
Sec. 1260.50 Special conditions.
* * * * *
(f) Security requirements for unclassified information technology resources. Under NASA grants and cooperative agreements, recipients normally do not collect, process, transmit, store, or disseminate unique Agency data of substantial value using information technology. However, if it is known that a grant or cooperative agreement will include such use of information technology, the NASA Grant Officer shall insert a provision substantially the same as Sec. 1274.937. When such use of information technology is not originally anticipated in the performance of a grant, but it later becomes appropriate, the NASA Technical Officer shall immediately notify the NASA Grant Officer before such use of information technology occurs, and the NASA Grant Officer shall amend the grant to include a provision substantially the same as Sec. 1274.937. NASA policies and procedures on security for automated information technology are prescribed in NPD 2810.1, Security of Information Technology, and in NPG 2810.1, Security of Information Technology.
[FR Doc. 02-30652 Filed 12-3-02; 8:45 am]
BILLING CODE 7510-01-P