Federal Management Regulation; Physical Security

Citation85 FR 12489
Record Number2020-04268
Published date03 March 2020
CourtGeneral Services Administration
Federal Register, Volume 85 Issue 42 (Tuesday, March 3, 2020)
[Federal Register Volume 85, Number 42 (Tuesday, March 3, 2020)]
                [Proposed Rules]
                [Pages 12489-12493]
                From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
                [FR Doc No: 2020-04268]
                =======================================================================
                -----------------------------------------------------------------------
                GENERAL SERVICES ADMINISTRATION
                41 CFR Part 102-81
                [FMR Case 2018-102-2; Docket No. 2020-0009; Sequence No. 1]
                RIN 3090-AJ94
                Federal Management Regulation; Physical Security
                AGENCY: Office of Government-wide Policy (OGP), General Services
                Administration (GSA).
                ACTION: Proposed rule.
                -----------------------------------------------------------------------
                SUMMARY: The General Services Administration is proposing to revise the
                Federal Management Regulation (FMR) to clarify the responsibilities of
                agencies for maintaining physical security standards in federally owned
                and leased facilities in light of current law, executive orders and
                updated standards. The revision will also update nomenclature and
                reorganize the subparts for better readability and clarity.
                DATES: Interested parties should submit written comments to the
                Regulatory Secretariat Division at one of the addresses shown below on
                or before May 4, 2020 to be considered in the formation of the final
                rule.
                ADDRESSES: Submit comments in response to FMR Case 2018-102-2 by any of
                the following methods:
                 Regulations.gov: http://www.regulations.gov. Submit
                comments via the Federal eRulemaking portal by entering ``FMR Case
                2018-102-2'' under the heading select ``Enter Keyword or ID'' and
                select ``Search''. Select the link ``Submit a Comment'' that
                corresponds with ``FMR Case 2018-102-2'' and follow the instructions
                provided at the ``Comment Now'' screen. Please include your name,
                company name (if any), and ``FMR Case 2018-102-2'' on your attached
                document.
                 Mail: General Services Administration, Regulatory
                Secretariat Division (MVCB), ATTN: Ms. Lois Mandell, Director, 1800 F
                Street NW, 2nd Floor, Washington, DC 20405.
                 Instructions: Please submit comments only and cite ``FMR Case 2018-
                102-2'' in all correspondence related to this case. All comments
                received will be posted without change to http://www.regulations.gov
                including any personal and business confidential
                [[Page 12490]]
                information provided. To confirm receipt of your comment(s), please
                check http://www.regulations.gov, approximately two to three days after
                submission to verify posting (except allow 30 days for posting of
                comments submitted by mail).
                FOR FURTHER INFORMATION CONTACT: For clarification of content, contact
                Mr. Chris Coneeney, Director, Real Property Policy Division, Office of
                Government-wide Policy at 202-501-2956 or [email protected]. For
                information pertaining to status or publication schedules, contact the
                Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington,
                DC 20405, 202-501-4755. Please cite ``FMR Case 2018-102-2''.
                SUPPLEMENTARY INFORMATION:
                A. Background and Authority for This Rulemaking
                 6 U.S.C. 232 vests in the GSA Administrator the authority to
                operate, maintain and protect buildings and grounds owned or occupied
                by the Federal Government and under the jurisdiction, custody or
                control of the Administrator. This rule proposes to revise in its
                entirety 41 CFR part 102-81, Physical Security, last published in the
                Federal Register on November 8, 2005 (70 FR 67856), in light of changes
                to law, executive orders and updated standards. This regulation is
                applicable to all GSA-controlled facilities, including those owned and
                leased under GSA authority and those delegated under GSA authority.
                 Six months after the bombing of the Alfred P. Murrah Federal
                Building, President William Clinton issued Executive Order (E.O.)
                12977: Interagency Security Committee, creating the Interagency
                Security Committee (ISC) within the Executive Branch (60 FR 54411, Oct.
                19, 1995). The ISC is a membership organization that includes 63
                Federal departments and agencies. The ISC's mandate is to enhance the
                quality and effectiveness of physical security in, and the protection
                of, buildings and nonmilitary Federal facilities, and to provide a
                permanent body to address continuing government-wide security issues
                for these facilities. Pursuant to E.O. 12977, the ISC also prepared
                guidance for the Facility Security Committees (FSCs) that are
                responsible for addressing and implementing facility-specific security
                issues at each multi-occupant Federal facility.
                 In response to the terrorist attacks on September 11, 2001,
                Congress enacted the Homeland Security Act of 2002 (available at
                https://www.dhs.gov/sites/default/files/publications/hr_5005_enr.pdf),
                Public Law 107-296, 116 Stat 2135 (the ``Act''), to better protect the
                assets and critical infrastructure of the United States. The Act
                established the U.S. Department of Homeland Security (DHS), and among
                other things, transferred the Federal Protective Service (FPS) from GSA
                to DHS. FPS was established as a component of GSA in January 1971, and
                historically has been the security organization that conducts
                investigations to protect property under the control of GSA, enforces
                Federal laws to protect persons and property, and makes arrests without
                a warrant for any offense committed upon Federal property if a
                policeman had reason to believe the offense was a felony and the person
                to be arrested was guilty of the felony. Section 1706 of the Act,
                codified at 40 U.S.C. 1315, transferred FPS's specific security and law
                enforcement functions and authorities to the Secretary of Homeland
                Security.
                 Section 422 of the Act also references 6 U.S.C. 232, which vests in
                the Administrator of General Services the authority to operate,
                maintain and protect buildings and grounds owned or occupied by the
                Federal Government and under the jurisdiction, custody or control of
                the Administrator.
                 Following enactment of the Act, President George Bush issued E.O.
                13286: Amendment of Executive Orders, and Other Actions, in Connection
                With the Transfer of Certain Functions to the Secretary of Homeland
                Security, which transferred responsibility for chairing the ISC from
                the Administrator of General Services to the Secretary of Homeland
                Security (68 FR 10619, March 5, 2003).
                 In August 2004, President George Bush issued Homeland Security
                Presidential Directive 12 (HSPD-12) (available at https://www.dhs.gov/homeland-security-presidential-directive-12), which requires, to the
                maximum extent practicable, the use of identification by Federal
                employees and contractors that meets the standard promulgated by the
                Secretary of Commerce (e.g., Federal Information Processing Standard
                Publication 201) to gain physical access to Federally controlled
                facilities.
                 HSPD-12 was followed by the REAL ID Act of 2005, Public Law 109-13,
                119 Stat. 302 (the ``REAL ID Act''), which establishes minimum security
                standards for license issuance and production and prohibits Federal
                agencies from accepting for certain purposes driver's licenses and
                identification cards from states not meeting the REAL ID Act's minimum
                standards. The purposes covered by the REAL ID Act are accessing
                Federal facilities, entering nuclear power plants and boarding
                federally regulated commercial aircraft.
                 In June 2006, GSA and DHS signed a Memorandum of Agreement (MOA)
                outlining the responsibilities of each agency with regard to facility
                security. According to the MOA, FPS is required to conduct facility
                security assessments of GSA buildings in accordance with ISC standards.
                The resulting facility security assessment report should include
                recommended countermeasures for identified vulnerabilities. The MOA
                also established that both agencies are responsible for the
                implementation of approved countermeasures, with FPS responsible for
                security equipment and GSA in charge of facility security fixtures.
                This 2006 MOA was revised and superseded by an MOA executed by DHS and
                GSA as of September 27, 2018.
                 In February 2013, Presidential Policy Directive 21: Critical
                Infrastructure Security and Resilience required the Secretary of
                Homeland Security (available at https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil) to conduct comprehensive assessments
                of the vulnerabilities of the nation's critical infrastructure. This
                directive also designated both GSA and DHS as the responsible agencies
                for providing institutional knowledge and specialized expertise in
                support of security programs and activities for government buildings.
                 In August 2013, the ISC issued The Risk Management Process for
                Federal Facilities (the ``RMP Standard''), a standard to define the
                criteria and processes to determine the facility security level and
                provide a single source of physical security countermeasures for
                federal buildings. The ISC updated the standard in November 2016. See,
                The Risk Management Process for Federal Facilities: An Interagency
                Security Committee Standard (2nd Ed., November 2016) https://www.cisa.gov/sites/default/files/publications/isc-risk-management-process-2016-508.pdf. The following terms have the same definition as
                ascribed to them in the RMP Standard:
                Baseline Level of Protection,
                Facility Security Assessment,
                Facility Security Committee,
                Facility Security Level,
                Risk,
                Risk Mitigation,
                Level of Protection,
                Level of Risk, and
                [[Page 12491]]
                Vulnerability.
                 Some notable provisions of the ISC standard are described below:
                 (a) According to the ISC standard, buildings with two or more
                federal tenants should have a FSC. See, Facility Security Committees:
                An Interagency Security Committee Standard (2nd Ed. Jan. 1, 2012)
                (available at https://www.dhs.gov/xlibrary/assets/isc-facility-security-committees-standard-january-2012-2nd-edition.pdf). FSCs are
                responsible for addressing building-specific security issues and
                approving the implementation of recommended countermeasures and
                practices. FSCs include representatives of all federal occupant
                agencies in the building, as well as FPS and GSA. However, FPS and GSA
                do not have voting rights, unless they are occupants in the building.
                If the FSC approves a countermeasure, each federal occupant agency in
                the building is responsible for funding its pro rata share of the cost.
                According to the ISC standard, in a building with only one federal
                occupant agency, that agency is the decision-maker for the building's
                security. Therefore, these types of buildings do not require FSCs.
                 (b) The ISC standard requires FPS to conduct facility security
                assessments to identify vulnerabilities and recommend countermeasures.
                FSCs use a building's facility security assessment report to--
                 1. Evaluate security risk;
                 2. Implement countermeasures to mitigate risk; and
                 3. Allocate security resources effectively.
                 For example, a facility security assessment report might include a
                recommendation to install cameras and relocate a loading dock. Upon
                deliberation, the FSC might decide only to install the cameras. FPS, in
                consultation with the FSC, helps determine a facility's security level,
                which determines the baseline level of protection. Facility security
                levels range from Level 1 (lowest risk) to Level 5 (highest risk), and
                dictate the frequency of the facility security assessments for that
                building. The facility security level is based on five factors: Mission
                criticality, symbolism, building population, building size, and threat
                to occupant agencies. In addition, intangibles (such as a short
                duration occupancy) can be used to adjust the security level.
                 Occupant agency or FSCs use the facility security assessment
                reports they receive from FPS to inform deliberations regarding
                recommended risk mitigation countermeasures and other security related
                actions. GSA will facilitate the implementation of the countermeasures
                or other actions after occupant agency or FSC approval, and commitment
                of each occupant agency to pay its pro rata share of the cost.
                B. Section-by-Section Analysis and Regulatory Changes Proposed by GSA
                in This Rulemaking
                Subpart A--General Provisions
                Sec. 102-81.5
                 GSA proposes changes in this section to describe more accurately
                the scope and coverage of the regulation. The regulation uses the
                phrase ``under the jurisdiction, custody or control of GSA,'' which
                appears in 6 U.S.C. 232, to describe the buildings and grounds owned or
                occupied by the Federal Government that are covered by this part. This
                phrase replaces and clarifies the phrase ``operating under, or subject
                to, the authorities of the Administrator of General Services,'' which
                was used in the previous version. The definitions of ``Federal
                facility'' and ``Federal grounds'' are included to clarify any
                confusion in the scope.
                Sec. 102-81.10
                 GSA proposes a substantive change to this section to clarify that,
                under E.O. 12977, the ISC is responsible for setting policies and
                recommendations that govern Federal agency physical security. The ISC
                issues standards, such as the ISC Risk Management Process Standard (2nd
                Ed., November 2016) (the ``RMP Standard''). ISC policies do not
                supersede other laws, regulations and executive orders that are
                intended to protect unique assets.
                Sec. 102-81.15
                 GSA proposes adding this section to clarify the governing
                authorities that pertain to this regulation.
                Sec. 102-81.20
                 GSA proposes to eliminate in its entirety the previous section 102-
                81.20 because the RMP Standard supersedes all previous guidance
                contained in the Department of Justice's report ``Vulnerability
                Assessment of Federal Facilities'' (June 28, 1995). There is no
                difference between existing and new facilities in the ISC policies and
                standards. GSA proposes to add the replacement provision to clarify
                that Federal agencies are required to follow this regulation. Federal
                agencies must cooperate and comply with ISC policies and
                recommendations, except where the Director of National Intelligence
                determines that compliance would jeopardize intelligence sources and
                methods or the Secretary of Energy determines that compliance would
                conflict with the authorities of the Secretary of Energy over
                Restricted Data and Special Nuclear Material under, among others,
                sections 141, 145, 146, 147, and 161 of the Atomic Energy Act of 1954,
                as amended, the Department of Energy Organization Act, or any other
                statute.
                Subpart B--Physical Security
                Sec. 102-81.25
                 GSA proposes to eliminate in its entirety the previous section 102-
                81.25 because the RMP Standard supersedes all previous guidance
                contained in the Department of Justice's report ``Vulnerability
                Assessment of Federal Facilities'' (June 28, 1995). GSA proposes to add
                the replacement provision to clarify that Federal agencies are
                responsible for meeting physical security standards in accordance with
                ISC standards, policies and recommendations. Occupant agency or FSCs
                use the facility security assessment reports they receive from FPS to
                inform deliberations regarding recommended countermeasures and other
                security related actions. GSA will facilitate the implementation of the
                countermeasures or other actions after occupant agency or FSC approval,
                and commitment of each occupant agency to pay its pro rata share of the
                cost.
                Sec. 102-81.30
                 GSA proposes to eliminate in its entirety the previous section 102-
                81.30 because the requirements are addressed in section 231 of Public
                Law 101-647. GSA proposes to add the replacement provision to be
                consistent with the RMP Standard. This section now describes physical
                security considerations associated with existing facilities.
                Sec. 102-81.31
                 GSA proposes adding this section to be consistent with the RMP
                Standard. This section describes physical security considerations
                associated with leased facilities or new construction.
                C. Executive Orders 12866 and 13563
                 Executive Orders 12866 and 13563 direct agencies to assess all
                costs and benefits of available regulatory alternatives and, if
                regulation is necessary, to select regulatory approaches that maximize
                net benefits (including potential economic, environmental, public
                health and safety effects, distributive impacts, and equity). Executive
                Order 13563 emphasizes the importance of quantifying both costs and
                benefits of reducing costs, harmonizing rules and promoting
                flexibility. This rule is a
                [[Page 12492]]
                significant regulatory action, and is subject to review under section
                6(b) of E.O. 12866. This rule is not a major rule under 5 U.S.C. 804.
                D. Executive Order 13771
                 This proposed rule is not expected to be subject to the
                requirements of E.O. 13771 (82 FR 9339, February 3, 2017) because this
                proposed rule is expected to be related to agency organization,
                management, or personnel.
                E. Regulatory Flexibility Act
                 GSA certifies this rule will not have a significant economic impact
                on a substantial number of small entities because it applies only to
                Federal agencies and employees.
                F. Paperwork Reduction Act
                 The Paperwork Reduction Act does not apply because the changes to
                the FMR do not impose recordkeeping or information collection
                requirements on, or the collection of information from, offerors,
                contractors or members of the public that require the approval of the
                Office of Management and Budget under 44 U.S.C. 3501 et seq.
                G. Small Business Regulatory Enforcement Fairness Act
                 This proposed rule is exempt from Congressional review under 5
                U.S.C. 801, since it relates solely to agency management or personnel.
                List of Subjects in 41 CFR Part 102-81
                 Federal buildings and facilities, Government property management
                and physical security measures.
                Jessica Salmoiraghi,
                Associate Administrator, Office of Government-wide Policy.
                 For the reasons set forth in the preamble, GSA proposes to revise
                in its entirety 41 CFR part 102-81 as follows:
                PART 102-81--Physical Security
                0
                1. The authority citation for part 102-81 is revised to read as
                follows:
                 Authority: 40 U.S.C. 121(c) and 581; 6 U.S.C. 232; Homeland
                Security Presidential Directive 12; and the REAL ID Act of 2005,
                Pub. L. 109-13, 119 Stat. 302.
                0
                2. Amend part 102-81 to read as follows:
                Part 102-81--Physical Security
                Subpart A--General Provisions
                Sec.
                Sec. 102-81.5 What does this part cover?
                Sec. 102-81.10 What basic physical security policy governs Federal
                agencies?
                Sec. 102-81.15 What are the governing authorities for this part?
                Sec. 102-81.20 Who must comply with these provisions?
                Subpart B--Physical Security
                Sec. 102-81.25 Who is responsible for implementing, maintaining and
                upgrading physical security standards in each Federally owned and
                leased facility?
                Sec. 102-81.30 Are there any special considerations for existing
                facilities?
                Sec. 102-81.31 Are there any special considerations for leased
                facilities or new construction?
                Subpart A--General Provisions
                Sec. 102-81.5 What does this part cover?
                 This part covers physical security in and at federally owned and
                leased facilities and grounds under the jurisdiction, custody or
                control of GSA, including those facilities and grounds that have been
                delegated by the Administrator of General Services. Federal facility
                means all or any part of any building, physical structure or associated
                support infrastructure (e.g., parking facilities and utilities) that is
                under the jurisdiction, custody or control of GSA. Federal grounds mean
                all or any part of any area outside a Federal facility that is under
                the jurisdiction, custody or control of GSA.
                Sec. 102-81.10 What basic physical security policy governs Federal
                agencies?
                 The Interagency Security Committee (ISC) is responsible for
                developing and evaluating physical security standards for Federal
                facilities. In accordance with Executive Order 12977, the ISC sets
                policies and recommendations that govern Federal agency physical
                security. This includes the ISC Risk Management Process Standard (the
                ``RMP Standard'') that Federal agencies use in the protection of the
                real property they occupy, including the protection of persons on the
                property. The goal of the RMP Standard is a level of protection
                commensurate with the level of risk. ISC policies do not supersede
                other laws, regulations, and executive orders that are intended to
                protect unique assets.
                Sec. 102-81.15 What are the governing authorities for this part?
                 The governing authorities are as follows:
                 (a) 40 U.S.C. 121(c) and 581.
                 (b) Executive Order 12977.
                 (c) Executive Order 13286, sec. 23.
                 (d) 6 U.S.C. 232.
                 (e) Homeland Security Presidential Directive 12.
                 (f) REAL ID Act of 2005 (Pub. L. 109-13).
                Sec. 102-81.20 Who must comply with these provisions?
                 Each occupant agency in a Federal facility or on Federal grounds
                under the jurisdiction, custody or control of GSA, including those
                facilities and grounds that have been delegated by the Administrator of
                General Services, must cooperate and comply with these provisions,
                except where the Director of National Intelligence determines that
                compliance would jeopardize intelligence sources and methods or the
                Secretary of Energy determines that compliance would conflict with the
                authorities of the Secretary of Energy over Restricted Data and Special
                Nuclear Material under, among others, sections 141, 145, 146, 147, and
                161 of the Atomic Energy Act of 1954, as amended, the Department of
                Energy Organization Act, or any other statute.
                Subpart B--Physical Security
                Sec. 102-81.25 Who is responsible for implementing, maintaining and
                upgrading physical security standards in each Federally owned and
                leased facility?
                 Each occupant agency in a Federal facility or on Federal grounds
                under the jurisdiction, custody or control of GSA, including those
                facilities and grounds that have been delegated by the Administrator of
                General Services, is responsible for meeting physical security
                standards in accordance with ISC standards, policies and
                recommendations. Occupant agency or FSCs use the facility security
                assessment reports they receive from FPS to inform deliberations
                regarding recommended countermeasures and other security related
                actions. GSA will facilitate the implementation of the countermeasures
                or other actions after occupant agency or FSC approval, and commitment
                of each occupant agency to pay its pro rata share of the cost.
                Sec. 102-81.30 Are there any special considerations for existing
                facilities?
                 As provided in subsection 5.2.2 of the RMP Standard, for existing
                Federal facilities, both leased and government-owned, the RMP Standard
                is applied as part of the periodic risk assessment process. The
                security organization will conduct a periodic risk assessment and
                recommend countermeasures and design features to be implemented at the
                facility. The FSC will determine whether the recommended
                countermeasures will be implemented or if risk will be accepted. The
                design and implementation of approved countermeasures at existing
                facilities must comply with applicable laws, regulations and executive
                orders. For approved countermeasures that cannot
                [[Page 12493]]
                be implemented immediately, a plan to phase in countermeasures and
                achieve compliance must be instituted and documented in accordance with
                the RMP Standard. In some cases, the implementation of countermeasures
                must be delayed until renovations or modernization programs occur.
                Sec. 102-81.31 Are there any special considerations for leased
                facilities or new construction?
                 Yes. GSA will coordinate with the occupant agency and the security
                organization responsible for the Federal facility when determining the
                applicable physical security clauses to use in the procurement package.
                [FR Doc. 2020-04268 Filed 3-2-20; 8:45 am]
                 BILLING CODE 6820-14-P
                

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT