Your World of Legal Intelligence
 United States | 1-800-335-6202

Acquisition regulations: Unclassified information technology resources; security requirements,

As Enacted ( Federal Register) Cited authorities 2 Cited in Related
Vincent

[Federal Register: July 26, 2002 (Volume 67, Number 144)]

[Rules and Regulations]

[Page 48814-48815]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr26jy02-19]

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Parts 1804 and 1852

Security Requirements for Unclassified Information Technology Resources

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Final rule.

SUMMARY: This final rule adopts with changes the interim rule published in the Federal Register on July 12, 2001. The interim rule amended the NASA FAR Supplement (NFS) to clarify information technology (IT) security requirements for sensitive information contained in unclassified automated information resources

EFFECTIVE DATE: July 26, 2002.

FOR FURTHER INFORMATION CONTACT: Karl Beisel, NASA Headquarters, Code HC, Washington, DC 20546, (202) 358-0416, kbeisel@mail.hq.nasa.gov.

SUPPLEMENTARY INFORMATION:

  1. Background

    NASA published an interim rule in the Federal Register at 66 FR 36490 on July 12, 2001, revising NFS section 1804.470 and the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources. These sections address security requirements for unclassified IT resources. The action implemented The Computer Security Act of 1987 and Appendix III of the Office of Management and Budget (OMB) Circular No. A-130, Security of Federal Automated Information Resources, which require adequate security be provided for all Agency information collected, processed, transmitted, stored, or disseminated. NFS section 1804.470 contains the requirement for all NASA contractors and subcontractors to comply with Federal and NASA policies in safeguarding unclassified NASA data held via information technology (IT).

    Public comments were received from one source. The comments were considered in developing this final rule.

    Changes are made in this final rule to section 1804.470-1, Scope, to reference Federal policies that are implemented through NASA's Procedures and Guidelines (NPG) 2810.1, Security of Information Technology, and amend paragraph (d)(3)(i) of the clause at 1852.204-76 to remove the exemption of certain information contained in Standard Form 85P, Questionnaire for Public Trust Positions.

    NASA understands that the FAR Council is working with the OMB

    [[Page 48815]]

    Committee on Executive Branch Information Systems Security under the President's Critical Infrastructure Protection Board on the development of a government-wide IT security clause. The purpose of this work is to ensure that IT security requirements are included in all applicable Federal government contracts. Upon completion of this government-wide effort, NASA will modify its rule, as may be necessary, to ensure consistency with the FAR coverage.

    This is not a significant regulatory action, and therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804

  2. Regulatory Flexibility Act

    NASA certifies that this rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), because this rule only clarifies existing requirements and does not impose any new requirements.

  3. Paperwork Reduction Act

    This rule clarifies existing requirements that were previously approved by the Office of Management and Budget (OMB) under OMB Control No. 2700-0098.

    List of Subjects in 48 CFR Parts 1804 and 1852

    Government Procurement.

    Tom Luedtke, Assistant Administrator for Procurement.

    Interim Rule Adopted as Final With Change

    Accordingly, the interim rule amending 48 CFR parts 1804 and 1852, published at 66 FR 36492 on July 12, 2001, is adopted as final with the following changes:

    1. The authority citation for 48 CFR parts 1804 and 1852 continues to read as follows:

      Authority: 42 U.S.C. 2473(c)(1).

      PART 1804--ADMINISTRATIVE MATTERS

    2. Revise section 1804.470-1 to read as follows:

      1804.470-1 Scope.

      This section implements NASA's acquisition-related aspects of Federal policies for assuring the security of unclassified automated information resources. Federal policies include, but are not limited to, the Computer Security Act of 1987 (40 U.S.C. 1441 et seq.), the Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et seq.), Public Law 106-398, section 1061, Government Information Security Reform, OMB Circular A- 130, Management of Federal Information Resources, and the National Institute of Standards and Technology security guidance and standards.

      PART 1852--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

      1852.204-76 [Amended]

    3. Amend section 1852.204-76 in the clause heading by removing ``(JULY 2001)'' and adding ``(July 2002)'' in its place; and in paragraph (d)(3)(i) by removing ``(Information regarding financial record, question 22, and the Authorization for Release of Medical Information are not applicable)''.

      [FR Doc. 02-19004Filed7-25-02; 8:45 am]

      BILLING CODE 7510-01-P

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT