AGENCY:

Department of Defense (DoD).

ACTION:

Semiannual Regulatory Agenda.

SUMMARY:

This agenda announces the regulatory actions the Department of Defense (DoD) plans to take in the next 12 months and those regulatory actions completed since the publication of the spring 2021 Unified Agenda. It was developed under the guidelines of Executive Order 12866, “Regulatory Planning and Review,” and Executive Order 13563, “Improving Regulation and Regulatory Review.” This agenda includes regulatory actions that support or impact the Secretary of Defense's top priorities along with those of the National Defense Strategy to defend the Nation by taking care of our people, building a more lethal force, succeeding through teamwork, reforming business practices, and address the current worldwide pandemic. These include efforts to ensure TRICARE beneficiaries have access to the most up-to-date care required for the diagnosis and treatment of COVID-19. Members of the public may submit comments on individual proposed and interim final rulemakings at www.regulations.gov during the comment period that follows publication in the Federal Register .

This agenda updates the report published on July 30, 2021, and includes regulations expected to be issued and under review over the next 12 months. The next agenda will publish in the spring of 2022.

The complete Unified Agenda will be available online at www.reginfo.gov.

Because publication in the Federal Register is mandated for the regulatory flexibility agendas required by the Regulatory Flexibility Act (5 U.S.C. 602), the Department of Defense's printed agenda entries include only:

(1) Rules that are in the Agency's regulatory flexibility agenda, in accordance with the Regulatory Flexibility Act, because they are likely to have a significant economic impact on a substantial number of small entities; and

(2) Any rules that the Agency has identified for periodic review under section 610 of the Regulatory Flexibility Act.

Printing of these entries is limited to fields that contain information required by the Regulatory Flexibility Act's agenda requirements. Additional information on these entries is in the Unified Agenda available online.

FOR FURTHER INFORMATION CONTACT:

For information concerning the overall DoD regulatory program and for general semiannual agenda information, contact Ms. Patricia Toppings, telephone 571-372-0485, or write to Office of the Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency, 1155 Defense Pentagon, Washington, DC 20301-1155, or email: patricia.l.toppings.civ@mail.mil.

For questions of a legal nature concerning the agenda and its statutory requirements or obligations, write to Office of the General Counsel, 1600 Defense Pentagon, Washington, DC 20301-1600, telephone 703-693-9958, or email: gerald.j.dziecichowicz.civ@mail.mil.

For general information on Office of the Secretary regulations, other than those which are procurement-related, contact Ms. Patricia Toppings, telephone 571-372-0485, or write to Office of the Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency, 1155 Defense Pentagon, Washington, DC 20301-1155, or email: patricia.l.toppings.civ@mail.mil.

For general information on Office of the Secretary regulations which are procurement-related, contact Ms. Jennifer Johnson, telephone 571-372-6100, or write to Office of the Under Secretary of Defense for Acquisition and Sustainment, Defense Pricing and Contracting, Defense Acquisition Regulations System, Room 3B941, 3060 Defense Pentagon, Washington, DC 20301-3060, or email: jennifer.d.johnson1.civ@mail.mil.

For general information on Department of the Army regulations, contact Mr. James “Jay” Satterwhite, telephone 571-515-0304, or write to the U.S. Army Records Management and Declassification Agency, ATTN: AAHS-RDO, Building 1458, 9301 Chapek Road, Ft. Belvoir, VA 22060-5605, or email: james.w.satterwhite.civ@mail.mil.

For general information on the U.S. Army Corps of Engineers regulations, contact Ms. Stacey Jensen, telephone 703-695-6791, or write to Office of the Assistant Secretary of the Army (Civil Works), 108 Army Pentagon, Room 3E441, Washington, DC 20310-0108, or email: stacey.m.jensen.civ@mail.mil.

For general information on Department of the Navy regulations, contact LCDR Jenny Pike, telephone 703-614-7408, or write to Department of the Navy, Office of the Judge Advocate General, Administrative Law Division (Code 13), Washington Navy Yard, 1322 Patterson Avenue SE, Suite 3000, Washington, DC 20374-5066, or email: jennifer.m.pike5.mil@us.navy.mil.

For general information on Department of the Air Force regulations, contact Bao-Anh Trinh, telephone 703-614-8500, or write the Office of the Secretary of the Air Force, Chief, Information Dominance/Chief Information Officer (SAF CIO/A6), 1800 Air Force Pentagon, Washington, DC 20330-1800, or email: usaf.pentagon.saf-cio-a6.mbx.af-foia@mail.mil.

For specific agenda items, contact the appropriate individual indicated for each regulatory action.

SUPPLEMENTARY INFORMATION:

This edition of the Unified Agenda of Federal Regulatory and Deregulatory Actions reports on actions planned by the Office of the Secretary of Defense, the Military Departments, the Office of the Under Secretary of Defense for Acquisition and Sustainment for procurement-related actions, and the U.S. Army Corps of Engineers.

This agenda also identifies rules impacted by the:

a. Regulatory Flexibility Act.

b. Paperwork Reduction Act of 1995.

c. Unfunded Mandates Reform Act of 1995.

Generally, rules discussed in this agenda will contain five sections: (1) Pre-rule stage; (2) proposed rule stage; (3) final rule stage; (4) completed actions; and (5) long-term actions. Where certain regulatory actions indicate that small entities are affected, the effect on these entities may not necessarily have significant economic impact on a substantial number of these entities as defined in the Regulatory Flexibility Act (5 U.S.C. 601(6)).

The publishing of this agenda does not waive the applicability of the military affairs exemption in section 553 of title 5 U.S.C. and section 3 of Executive Order 12866.

DEPARTMENT OF DEFENSE (DOD)

Office of the Secretary (OS)

Long-Term Actions

248. • Cybersecurity Maturity Model Certification (CMMC) Framework

Legal Authority: 5 U.S.C. 301; Pub. L. 116-92, sec. 1648

Abstract: This rule will establish cybersecurity requirements that must be met for Defense Industrial Base (DIB) contractors to obtain requisite Cybersecurity Maturity Model Certification status. DIB contractors may need CMMC certification to qualify for award of designated future DoD contracts. The impact of the CMMC requirements, in conjunction with DFARS clause 252.204-7021, Cybersecurity Maturity Model Certification Requirements, will be a higher level of assurance that Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) will be protected at the level commensurate with the risk from cybersecurity threats, including Advanced Persistent Threats.

DoD implemented a two-pronged approach to assess and verify the DIB's ability to protect FCI and CUI. This rule implements:

• The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology employed to assess contractor implementation of the cybersecurity requirements in NIST SP 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, required by DFARS 252.204-7012. The verification of contractor implementation of NIST SP 800-171 security requirements is addressed under DFARS provision 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements, and DFARS clause 252.204-7020, NIST SP 800-171 DoD Assessment Requirements.

• The Cybersecurity Maturity Model Certification (CMMC) Framework. CMMC is a new DoD certification process to measure a DIB contractor's adherence to processes and implementation of cybersecurity practices to address and mitigate the threats posed by Advanced Persistent Threats—adversaries with sophisticated levels of expertise and significant resources.

This rule is related to DFARS clause 252.204-7021, Cybersecurity Maturity Model Certification Requirements, which specifies the requirement for assessing that DIB contractors meet CMMC requirements. This rule will specify the CMMC requirements for which the DIB contractors will be assessed.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Diane L. Knight, Senior Management and Program Analyst, Department of Defense, Office of the Secretary, 4800 Mark Center Start Printed Page 5216 Drive, Suite 12E08, Alexandria, VA 22350, Phone: 202 770-9100, Email: diane.l.knight10.civ@mail.mil.

RIN: 0790-AL49

DEPARTMENT OF DEFENSE (DOD)

Defense Acquisition Regulations Council (DARC)

Proposed Rule Stage

249. Small Business Innovation Research Program Data Rights (DFARS Case 2019-D043)

Regulatory Plan: This entry is Seq. No. 19 in part II of this issue of the Federal Register .

RIN: 0750-AK84

250. Reauthorization and Improvement of Mentor-Protege Program (DFARS Case 2020-D009)

Regulatory Plan: This entry is Seq. No. 20 in part II of this issue of the Federal Register .

RIN: 0750-AK96

DEPARTMENT OF DEFENSE (DOD)

Defense Acquisition Regulations Council (DARC)

Long-Term Actions

251. Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)

Legal Authority: 41 U.S.C 1303; Pub. L. 116-92, sec. 1648

Abstract: DoD is finalizing an interim rule to implement the following methodology and framework in order to protect against the theft of intellectual property and sensitive information from the Defense Industrial Base (DIB) sector:

• The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology. A standard methodology to assess contractor implementation of the cybersecurity requirements in NIST SP 800-171, Protecting Controlled Unclassified Information (CUI) In Nonfederal Systems and Organizations.

• The Cybersecurity Maturity Model Certification (CMMC) Framework. A DoD certification process that measures a company's institutionalization of processes and implementation of cybersecurity practices. See RIN 0790-AL49 for information on a rule amending title 32 of the Code of Federal Regulations with regard to CMMC, which will inform the DFARS final rule.

This rule provides the Department with: (1) The ability to assess at a corporate level a contractor's implementation of NIST SP 800-171 security requirements, as required by DFARS clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting; and (2) assurances that a DIB contractor can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Jennifer Johnson, Phone: 571 372-6100, Email: jennifer.d.johnson1.civ@mail.mil.

RIN: 0750-AK81

DEPARTMENT OF DEFENSE (DOD)

Office of Assistant Secretary for Health Affairs (DODOASHA)

Proposed Rule Stage

252. TRICARE: Chiropractic and Acupuncture Treatment Under the TRICARE Program

Legal Authority: 5 U.S.C. 301; 10 U.S.C. ch. 55

Abstract: Under the current regulations, TRICARE excludes chiropractors as TRICARE-authorized providers whether or not their services would be eligible as medically necessary care if furnished by any other authorized provider. In addition, the current regulation excludes acupuncture treatment whether used as a therapeutic agent or as an anesthetic. This proposed rule seeks to eliminate these exclusions and to add benefit coverage of chiropractic and acupuncture treatment when deemed medically necessary for specific conditions. This rule proposes to add licensed Doctors of Chiropractic (DCs) and Licensed Acupuncturists (LACs) who meet established qualifications as TRICARE-authorized providers and will establish reimbursement rates and cost-sharing provisions for covered chiropractic and acupuncture treatment.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Joy Mullane, Department of Defense, Office of Assistant Secretary for Health Affairs, 16401 E Centretech Parkway, Aurora, CO 80011-9066, Phone: 303 676-3457, Fax: 303 676-3579, Email: joy.mullane.civ@mail.mil.

RIN: 0720-AB77

DEPARTMENT OF DEFENSE (DOD)

Office of Assistant Secretary for Health Affairs (DODOASHA)

Final Rule Stage

253. TRICARE Reimbursement of Ambulatory Surgery Centers and Outpatient Services Provided in Cancer and Children's Hospitals

Legal Authority: 5 U.S.C. 301; 10 U.S.C. ch. 55

Abstract: The Department of Defense, Defense Health Agency, is revising its regulation on the reimbursement of ambulatory surgery centers (ASC) and outpatient services provided in Cancer and Children's Hospitals (CCHs). Revisions are in accordance with the statutory provision at title 10 of the U.S.C., section 1079(i)(2) that requires TRICARE's payment methods for institutional care be determined, to the extent practicable, in accordance with the same reimbursement rules as apply to payments to providers of services of the same type under Medicare. In accordance with this requirement, TRICARE will: (1) Adopt Medicare's payment methodology for Ambulatory Surgery Centers (ASC) and (2) adopt Medicare's payment methodology for outpatient services provided in Cancer and Children's Hospitals (CCHs). Although Medicare's reimbursement methods for ASC and CCHs are different, it is prudent to adopt both the Medicare ASC system and to adopt the Outpatient Prospective Payment System (OPPS) with hold-harmless adjustments (meaning the provider is not reimbursed less than their costs) for CCHs simultaneously to align with our statutory requirement to reimburse like Medicare at the same time. This rule makes the modifications necessary to implement TRICARE reimbursement methodologies similar to those applicable to Medicare beneficiaries for outpatient services rendered in ASCs and CCHs.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Elan Green, Department of Defense, Office of Assistant Secretary for Health Affairs, 16401 East Centretech Parkway, Aurora, CO 80011, Phone: 303 676-3907, Email: elan.p.green.civ@mail.mil.

RIN: 0720-AB73