AGENCY:

General Services Administration (GSA).

ACTION:

Semiannual regulatory agenda.

SUMMARY:

This agenda announces the proposed regulatory actions that GSA plans for the next 12 months and those that were completed since the fall 2017 edition. This agenda was developed under the guidelines of Executive Order 12866 “Regulatory Planning and Review”, as amended. GSA's purpose in publishing this agenda is to allow interested persons an opportunity to participate in the rulemaking process. GSA also invites interested persons to recommend existing significant regulations for review to determine whether they should be modified or eliminated. Published proposed rules may be reviewed in their entirety at the Government's rulemaking website at http://www.regulations.gov.

Since the fall 2007 edition, the internet has been the basic means for disseminating the Unified Agenda. The complete Unified Agenda will be available online at www.reginfo.gov,, in a format that offers users a greatly enhanced ability to obtain information from the Agenda database.

Because publication in the Federal Register is mandated for the regulatory flexibility agendas required by the Regulatory Flexibility Act (5 U.S.C. 602), GSA's printed agenda entries include only:

(1) Rules that are in the Agency's regulatory flexibility agenda, in accordance with the Regulatory Flexibility Act, because they are likely to have a significant economic impact on a substantial number of small entities; and

(2) Any rules that the Agency has identified for periodic review under section 610 of the Regulatory Flexibility Act.

Printing of these entries is limited to fields that contain information required by the Regulatory Flexibility Act's Agenda requirements. Additional information on these entries is available in the Unified Agenda published on the internet. In addition, for fall editions of the Agenda, the entire Regulatory Plan will continue to be printed in the Federal Register, as in past years, including GSA's regulatory plan.

FOR FURTHER INFORMATION CONTACT:

Lois Mandell, Division Director, Regulatory Secretariat Division at (202) 501-4755.

GENERAL SERVICES ADMINISTRATION (GSA)

Office of Acquisition Policy

Proposed Rule Stage

182. General Services Administration Acquisition Regulation (GSAR): GSAR Case 2015-G506, Adoption of Construction Project Delivery Method Involving Early Industry Engagement

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: GSA is proposing to amend the General Services Administration Acquisition Regulation (GSAR) to adopt an additional project delivery method for construction, construction manager as constructor (CMc). CMc is used in industry and allows for early industry engagement on construction contracts that provide schedule growth and administrative savings. The current FAR and GSAR lacks detailed coverage differentiating various construction project delivery methods. GSA's policies on CMc have been previously issued through other means. By incorporating CMc into the GSAR and differentiating for various construction methods, the GSAR will provide centralized guidance to ensure consistent application of construction project principles across the organization. Integrating these requirements into the GSAR will also allow industry to provide public comments through the rulemaking process.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Tony Hubbard, Procurement Analyst, General Services Administration, 1800 F Street NW, Washington, DC 20405, Phone: 202 357-5810, Email: tony.hubbard@gsa.gov.

RIN: 3090-AJ64

183. General Services Acquisition Regulation (GSAR); GSAR Case 2016-G511, Information and Information Systems Security

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: GSA is proposing to update the General Services Administration Acquisition Regulation (GSAR) to streamline and update existing GSA cybersecurity requirements and integrate these requirements within the GSAR. GSA unique policies on cybersecurity have been previously issued through other means. By incorporating cybersecurity requirements into the GSAR, the GSAR will provide centralized guidance to ensure consistent application of cybersecurity principles across the organization. Integrating these requirements into the GSAR will also allow industry to provide public comments through the rulemaking process.

The GSA cybersecurity requirements mandate contractors protect the confidentiality, integrity, and availability of unclassified GSA information and information systems from cybersecurity vulnerabilities, and threats in accordance with the Federal Information Security Modernization Act of 2014 and associated Federal cybersecurity requirements. This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with Federal cybersecurity requirements and implement best practices for preventing cyber incidents. These GSA requirements mandate applicable controls and standards (e.g. U.S. National Institute of Standards and Technology, U.S. National Archive and Records Administration Controlled Unclassified Information standards).

Cybersecurity requirements for internal contractor systems, external contractor systems, cloud systems, and mobile systems will be covered by this rule. It will also update existing GSAR provision 552.239-70, Information Technology Security Plan and Security Authorization and GSAR clause 552.239-71, Security Requirements for Unclassified Information Technology Resources to only require the provision and clause when the contract will involve information or information systems connected to a GSA network.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Michelle Bohm, Contract Specialist, General Services Administration, 100 S Independence Mall W Room: 9th Floor, Philadelphia, PA 19106-2320, Phone: 215 446-4705, Email: michelle.bohm@gsa.gov.

RIN: 3090-AJ84

184. General Services Administration Acquisition Regulation (GSAR); GSAR Case 2016-G515, Cyber Incident Reporting

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: GSA is proposing to amend the General Services Administration Acquisition Regulation (GSAR) to provide requirements for GSA contractors to report cyber incidents that could potentially affect GSA or its customer agencies. The rule integrates the existing cyber incident reporting policy within GSA Order CIO 9297.2C, GSA Information Breach Notification Policy that did not previously go through the rulemaking process into the GSAR. By incorporating cyber incident reporting requirements into the GSAR, the GSAR will provide centralized guidance to ensure consistent application of cybersecurity principles across the organization. Integrating these requirements into the GSAR will also allow industry to provide public comments through the rulemaking process.

The rule outlines the roles and responsibilities of the GSA contracting officer, contractors, and agencies ordering off of GSA's contracts in the reporting of a cyber incident.

The rule establishes a contractor's responsibility to report any cyber incident where the confidentiality, integrity, or availability of GSA information or information systems are potentially compromised or where the confidentiality, integrity, or availability of information or information systems owned or managed by or on behalf of the U.S. Government is potentially compromised. It establishes an explicit timeframe for reporting cyber incidents, details the required elements of a cyber incident report, and provides the required Government's points of contact for submitting the cyber incident report.

The rule also outlines the additional contractor requirements that may apply for any cyber incidents involving personally identifiable information. In addition, the rule clarifies both GSA and ordering agencies' authority to access contractor systems in the event of a cyber incident. It also establishes the role of GSA in the cyber incident reporting process and outlines how the primary response agency for a cyber incident is determined. In addition, it establishes the requirement for the contractor to preserve images of affected systems and ensure contractor employees receive appropriate training for reporting cyber incidents. The rule also outlines how contractor attributional/proprietary information Start Printed Page 27208provided as part of the cyber incident reporting process will be protected and used.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Kevin Funk, Program Analyst, General Services Administration, 1800 F Street NW, Washington, DC 20405, Phone: 202 357-5805, Email: kevin.funk@gsa.gov.

RIN: 3090-AJ85

GENERAL SERVICES ADMINISTRATION (GSA)

Office of Acquisition Policy

Final Rule Stage

185. GSAR CASE 2008-G517, Cooperative Purchasing—Acquisition of Security and Law Enforcement Related Goods and Services (Schedule 84) by State and Local Governments Through Federal Supply Schedules

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c); 40 U.S.C. 502(c)(1)(B)

Abstract: The General Services Administration (GSA) is amending the General Services Administration Acquisition Regulation (GSAR) to implement Public Law 110-248, The Local Preparedness Acquisition Act. The Act authorizes the Administrator of General Services to provide for the use by State or local governments of Federal Supply Schedules of the General Services Administration (GSA) for alarm and signal systems, facility management systems, firefighting and rescue equipment, law enforcement and security equipment, marine craft and related equipment, special purpose clothing, and related services (as contained in Federal supply classification code group 84 or any amended or subsequent version of that Federal supply classification group).

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Christina Mullins, Procurement Analyst, General Services Administration, 1800 F Street NW, Washington, DC 20405, Phone: 202 969-4966, Email: christina.mullins@gsa.gov.

RIN: 3090-AI68

186. General Services Administration Acquisition Regulation (GSAR); GSAR Case 2013-G502, Federal Supply Schedule Contract (Administration)

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: The General Services Administration (GSA) is amending the General Services Administration Acquisition Regulation (GSAR) to clarify and update the contracting by negotiation GSAR section and incorporate existing Federal Supply Schedule Contracting policies and procedures, and corresponding provisions and clauses.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Dana L. Munson, Procurement Analyst, General Services Administration, 1800 F Street NW, Washington, DC 20405, Phone: 202 357-9652, Email: dana.munson@gsa.gov.

RIN: 3090-AJ41

187. General Services Administration Acquisition Regulation (GSAR); GSAR Case 2015-G503, Construction Contract Administration

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: GSA is amending the General Services Administration Acquisition Regulation (GSAR) to revise sections of GSAR part 536, Construction and Architect-Engineer Contracts, and related parts, to maintain consistency with the Federal Acquisition Regulation (FAR) and to incorporate updated construction contract administration policies and procedures.

The changes fall into five categories: (1) Incorporating existing Agency policy previously issued through other means, (2) reorganizing to better align with the FAR, (3) incorporating Agency unique clauses, (4) incorporating supplemental material, and (5) editing for clarity.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Tony Hubbard, Procurement Analyst, General Services Administration, 1800 F Street NW, Washington, DC 20405, Phone: 202 357-5810, Email: tony.hubbard@gsa.gov.

RIN: 3090-AJ63

GENERAL SERVICES ADMINISTRATION (GSA)

Completed Actions

188. General Services Administration Acquisition Regulation (GSAR); GSAR Case 2014-G503, Contract Funding

E.O. 13771 Designation: Other.

Legal Authority: 40 U.S.C. 121(c)

Abstract: This RIN is being withdrawn as it is covered by FAR Case 2016-012, Incremental Funding of Fixed-Price Contracting Actions which is currently in development.

Completed:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: James Tsujimoto, Phone: 202 208-3585, Email: james.tsujimoto@gsa.gov.

RIN: 3090-AJ55

189. General Services Administration Acquisition Regulation (GSAR); GSAR Case 2015-G512, Unenforceable Commercial Supplier Agreement Terms

E.O. 13771 Designation: Deregulatory.

Legal Authority: 40 U.S.C. 121(c)

Abstract: GSA amended the General Services Administration Acquisition Regulation (GSAR) to address common commercial supplier agreement terms that are inconsistent with or create ambiguity with Federal Law.

Completed:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Janet Fry, Phone: 703 605-3167, Email: janet.fry@gsa.gov.

RIN: 3090-AJ67Start Printed Page 27209

190. General Services Administration Acquisition Regulation (GSAR); GSAR 2016-G506, Federal Supply Schedule, Order-Level Materials

E.O. 13771 Designation: Deregulatory.

Legal Authority: 40 U.S.C. 121(c)

Abstract: The General Services Administration (GSA) amended the General Services Administration Acquisition Regulation (GSAR) to clarify the authority to acquire order-level materials when placing an individual task order or delivery order against a Federal Supply Schedule (FSS) contract or FSS blanket purchase agreement (BPA). OLMs are supplies and/or services acquired in direct support of an individual task or delivery order placed against an FSS contract or BPA, when the supplies and/or services are not known at the time of contract or BPA award.

Completed:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Leah Price, Phone: 703 605-2558, Email: leah.price@gsa.gov.

RIN: 3090-AJ75