AGENCY:

National Aeronautics and Space Administration (NASA).

ACTION:

Final rule.

SUMMARY:

This final rule adopts with changes the interim rule published in the Federal Register on July 12, 2001. The interim rule amended the NASA FAR Supplement (NFS) to clarify information technology (IT) security requirements for sensitive information contained in unclassified automated information resources

EFFECTIVE DATE:

July 26, 2002.

FOR FURTHER INFORMATION CONTACT:

Karl Beisel, NASA Headquarters, Code HC, Washington, DC 20546, (202) 358-0416, kbeisel@mail.hq.nasa.gov.

SUPPLEMENTARY INFORMATION:

A. Background

NASA published an interim rule in the Federal Register at 66 FR 36490 on July 12, 2001, revising NFS section 1804.470 and the clause at 1852.204-76, Security Requirements for Unclassified Information Technology Resources. These sections address security requirements for unclassified IT resources. The action implemented The Computer Security Act of 1987 and Appendix III of the Office of Management and Budget (OMB) Circular No. A-130, Security of Federal Automated Information Resources, which require adequate security be provided for all Agency information collected, processed, transmitted, stored, or disseminated. NFS section 1804.470 contains the requirement for all NASA contractors and subcontractors to comply with Federal and NASA policies in safeguarding unclassified NASA data held via information technology (IT).

Public comments were received from one source. The comments were considered in developing this final rule.

Changes are made in this final rule to section 1804.470-1, Scope, to reference Federal policies that are implemented through NASA's Procedures and Guidelines (NPG) 2810.1, Security of Information Technology, and amend paragraph (d)(3)(i) of the clause at 1852.204-76 to remove the exemption of certain information contained in Standard Form 85P, Questionnaire for Public Trust Positions.

NASA understands that the FAR Council is working with the OMB Start Printed Page 48815 Committee on Executive Branch Information Systems Security under the President's Critical Infrastructure Protection Board on the development of a government-wide IT security clause. The purpose of this work is to ensure that IT security requirements are included in all applicable Federal government contracts. Upon completion of this government-wide effort, NASA will modify its rule, as may be necessary, to ensure consistency with the FAR coverage.

This is not a significant regulatory action, and therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804

B. Regulatory Flexibility Act

NASA certifies that this rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), because this rule only clarifies existing requirements and does not impose any new requirements.

C. Paperwork Reduction Act

This rule clarifies existing requirements that were previously approved by the Office of Management and Budget (OMB) under OMB Control No. 2700-0098.

List of Subjects in 48 CFR Parts 1804 and 1852

• Government Procurement

Interim Rule Adopted as Final With Change

Accordingly, the interim rule amending 48 CFR parts 1804 and 1852, published at 66 FR 36492 on July 12, 2001, is adopted as final with the following changes:

1. The authority citation for 48 CFR parts 1804 and 1852 continues to read as follows:

Authority: 42 U.S.C. 2473(c)(1).

PART 1804—ADMINISTRATIVE MATTERS

2. Revise section 1804.470-1 to read as follows:

PART 1852—SOLICITATION PROVISIONS AND CONTRACT CLAUSES

3. Amend section 1852.204-76 in the clause heading by removing “(JULY 2001)” and adding “(July 2002)” in its place; and in paragraph (d)(3)(i) by removing “(Information regarding financial record, question 22, and the Authorization for Release of Medical Information are not applicable)”.