Je veux savoir à propos de…

Federal Register / Vol. 86, No. 173 / Friday, September 10, 2021 / Proposed Rules 31.31341

Recapture of credits.

The text of proposed 31.31341 is the same as the text of 31.31341T
published elsewhere in this issue of the Federal Register.
Douglas W. ODonnell, Deputy Commissioner for Services and Enforcement.
FR Doc. 202119523 Filed 9821; 4:15 pm BILLING CODE 483001P

GENERAL SERVICES
ADMINISTRATION
48 CFR Parts 501, 502, 511, 539, 552, and 570
GSAR Case 2016G511; Docket No. 2021
0018; Sequence No. 1
RIN 3090AJ84

General Services Acquisition Regulation GSAR; GSAR Case 2016
G511, Contract Requirements for GSA
Information Systems Office of Acquisition Policy, General Services Administration GSA.
ACTION: Proposed rule.
AGENCY:

GSA is proposing to amend the General Services Administration Acquisition Regulation GSAR to streamline and update requirements for contracts that involve GSA information systems. The revision of GSAs cybersecurity and other information technology requirements will lead to the elimination of a duplicative and outdated provision and clause from the GSAR. The proposed rule will replace the outdated text with existing policies of the GSA Office of the Chief Information Officer OCIO and provide centralized guidance to ensure consistent application across the organization. The updated GSA policy will align cybersecurity requirements based on the items being procured by ensuring contract requirements are coordinated with GSAs Chief Information Security Officer.
DATES: Interested parties should submit written comments to the Regulatory Secretariat at one of the addresses shown below on or before November 9, 2021 to be considered in the formation of the final rule.
ADDRESSES: Submit comments in response to GSAR case 2016G511 to:
Regulations.gov: http
www.regulations.gov. Submit comments via the Federal eRulemaking portal by searching for GSAR Case 2016G511.
Select the link Comment Now that corresponds with GSAR Case 2016
G511. Follow the instructions provided
jbell on DSKJLSW7X2PROD with PROPOSALS

SUMMARY:

VerDate Sep<11>2014

17:18 Sep 09, 2021

Jkt 253001

at the Comment Now screen. Please include your name, company name if any, and GSAR Case 2016G511 on your attached document. If your comment cannot be submitted using https www.regulations.gov, call or email the points of contact in the FOR
FURTHER INFORMATION CONTACT section of this document for alternate instructions.
Instructions: Please submit comments only and cite GSAR Case 2016G511 in all correspondence related to this case.
Comments received generally will be posted without change to https
www.regulations.gov, including any personal and/or business confidential information provided. To confirm receipt of your comments, please check https www.regulations.gov approximately two-to-three days after submission to verify posting.
FOR FURTHER INFORMATION CONTACT: Ms.
Johnnie McDowell, Procurement Analyst, at 2027186112 or gsarpolicy@gsa.gov, for clarification of content. For information pertaining to status or publication schedules, contact the Regulatory Secretariat Division at 2025014755 or gsaregsec@gsa.gov.
Please cite GSAR Case 2016G511.
SUPPLEMENTARY INFORMATION:
I. Background GSAs cybersecurity requirements mandate that contractors protect the confidentiality, integrity, and availability of unclassified GSA
information and information systems from cybersecurity vulnerabilities and threats. This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with Federal cybersecurity requirements and implement best practices for preventing cyber incidents. These GSA
requirements mandate applicable controls and standards e.g., U.S.
National Institute of Standards and Technology, U.S. National Archives and Records Administration Controlled Unclassified Information standards.
In general, the proposed changes are necessary to bring long-standing GSA
information system practices into the GSAR, consolidating policy into one area. Because of that consolidation, contractors may need less time and fewer resources to read and understand all the requirements relevant to their contract.
GSA is proposing to amend the GSAR
to revise sections of GSAR part 511, Describing Agency Needs, part 539, Acquisition Information Technology, and other related parts; to maintain consistency with the Federal
PO 00000

Frm 00004

Fmt 4702

Sfmt 4702

50689

Acquisition Regulation FAR; and to incorporate and consolidate existing cybersecurity and other information technology requirements previously implemented through various Office of the Chief Information Officer OCIO or agency policies.
II. Authority for This Rulemaking Title 40 of the United States Code U.S.C. Section 121 authorizes GSA to issue regulations, including the GSAR, to control the relationship between GSA
and contractors.
III. Discussion and Analysis The proposed rule changes fall into three categories: 1 Streamlining existing agency information technology IT security policies previously issued through the OCIO into one consolidated cybersecurity requirements policy titled CIO IT Security Procedural Guide 09
48: Security and Privacy Requirements for IT Acquisition Efforts; 2
consolidating existing agency nonsecurity IT policies previously issued through the OCIO into one streamlined requirements policy titled CIO 122018:
IT Policy Requirements Guide; and 3
eliminating the GSAR provision 552.23970, Information Technology Security Plan and Security Authorization, and GSAR clause 552.23971, Security Requirements for Unclassified Information Technology Resources. The changes to the GSAR
included in this proposed rule are summarized below:
1. Streamlining IT Security Policies Into CIO IT Security Procedural Guide 09
48: Security and Privacy Requirements for IT Acquisition Efforts GSAs internal information systems policies will be incorporated into subpart 511.171, Requirements for GSA
Information Systems, requiring GSA
contracting officers to:
Incorporate the applicable sections or complete version of the CIO IT
Security Procedural Guide 0948:
Security and Privacy Requirements for IT Acquisition Efforts, and CIO 122018, IT Policy Requirements Guide, into GSA
solicitations i.e., Statement of Work, or equivalent; and Coordinate with the GSA OCIO for applicable procurements.
The new guidance will also establish a waiver process for cases where it is not effective from a cost or timing standpoint or where it is unreasonably burdensome.
The streamlining of the policy into subpart 511.171 will also replace the general instruction found in GSAR
511.102, Security of Information Data, with more detailed instruction, and
E:FRFM10SEP1.SGM

10SEP1