Je veux savoir à propos de…

50692

Federal Register / Vol. 86, No. 173 / Friday, September 10, 2021 / Proposed Rules
VIII. Paperwork Reduction Act The Paperwork Reduction Act 44
U.S.C. Chapter 35 does apply because the rule contains procedures with information collection requirements.
However, these procedures do not impose additional information collection requirements to the paperwork burden previously approved under an existing OMB Control Number 30900300.
Requesters may obtain a copy of the information collection documents from the GSA Regulatory Secretariat Division, by calling 2025014755 or emailing GSARegSec@gsa.gov. Please cite OMB
Control No. 30900300, Implementation of Information Technology Security Provision, in all correspondence.
List of Subjects in 48 CFR Parts 501, 502, 511, 539, 552, and 570
Government procurement.
Jeffrey A. Koses, Senior Procurement Executive, Office of Acquisition Policy, Office of Governmentwide Policy, General Services Administration.

Therefore, GSA proposes amending 48 CFR parts 501, 502, 511, 539, 552, and 570 as set forth below:
PART 501GENERAL SERVICES
ADMINISTRATION ACQUISITION
REGULATION SYSTEM
1. The authority citation for 48 CFR
part 501 continues to read as follows:

Authority: 40 U.S.C. 121c.

2. In section 501.106, amend table 1
by a. Adding an entry for 511.171 in numerical order; and b. Removing the entry for 552.239
71.
The addition reads as follows:

501.106 OMB approval under the Paperwork Reduction Act.

TABLE 1 TO 501.106
GSAR reference

511.171
jbell on DSKJLSW7X2PROD with PROPOSALS

OMB control No.

30900300

PART 502DEFINITIONS OF WORDS
AND TERMS
3. The authority citation for 48 CFR
part 502 continues to read as follows:

Authority: 40 U.S.C. 121c.

VerDate Sep<11>2014

17:18 Sep 09, 2021

Jkt 253001

4. Amend section 502.101 by adding, in alphabetical order, the definitions of GSA Information System and Information System to read as follows:

502.101

GSA Information System means an information system used or operated by the U.S. General Services Administration GSA or by a contractor or other organization on behalf of the U.S. General Services Administration including:
1 Cloud information system means information systems developed using cloud computing. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources e.g., networks, servers, storage, applications that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud information systems include Infrastructure as a Service IaaS, Platform as a Service PaaS, or Software as a Service SaaS. Cloud information systems may connect to the GSA
network.
2 External information system means information systems that reside in contractor facilities and typically do not connect to the GSA network.
External information systems may be government-owned and contractoroperated or contractor-owned and -operated on behalf of GSA or the Federal Government when GSA is the managing agency.
3 Internal information system means information systems that reside on premise in GSA facilities and may connect to the GSA network. Internal systems are operated on behalf of GSA
or the Federal Government when GSA
is the managing agency.
4 Low Impact Software as a Service LiSaaS System means cloud applications that are implemented for a limited duration, considered low impact and would cause limited harm to GSA
if breached.
5 Mobile application means a type of application software designed to run on a mobile device, such as a smartphone or tablet computer.
Information System means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Frm 00007

Fmt 4702

5. The authority citation for 48 CFR
part 511 continues to read as follows:

Authority: 40 U.S.C. 121c.

Definitions.

PO 00000

PART 511DESCRIBING AGENCY
NEEDS

Sfmt 4702

6. Add section 511.171 to read as follows:

511.171 Requirements for GSA
Information Systems.

a General Service Administration GSA requirements. For GSA
procurements contracts, actions, or orders that may involve GSA
Information Systems, excluding GSAs government-wide contracts e.g., Federal Supply Schedules and Governmentwide Acquisition Contracts, the contracting officer shall incorporate the applicable sections of the following policies in the Statement of Work, or equivalent:
1 CIO 0948, IT Security Procedural Guide: Security and Privacy IT
Acquisition Requirements; and 2 CIO 122018, IT Policy Requirements Guide.
b CIO Chief Information Officer coordination. The contracting officer shall coordinate with GSAs information technology IT point of contact to identify possible CIO policy inclusions prior to publication of a Statement of Work, or equivalent. In addition, contracting officers shall review the Security Considerations section of the acquisition plan to identify if the CIO
policies apply. The CIO policies and GSA IT points of contact are available on the Acquisition Portal at https
insite.gsa.gov/itprocurement.
1 The contracting officer will be responsible for documenting the date of request for GSA IT coordination.
2 If no response is received within 10 business days of the request, the contracting officer will document that fact in the contract file and proceed with the publication of the Statement of Work or equivalent.
3 The contracting officer may grant an extension of this time period, if requested by GSA IT.
c Waivers. 1 In cases where it is not effective in terms of cost or time or where it is unreasonably burdensome to include CIO 0948, IT Security Procedural Guide: Security and Privacy IT Acquisition Requirements or CIO 12
2018, IT Policy Requirements Guide in a contract or order, a waiver may be granted by the Acquisition Approving Official as identified in the thresholds listed at 507.103b, the Information System Authorizing Official, and the GSA IT Approving Official.
2 The waiver request must provide the following information
E:FRFM10SEP1.SGM

10SEP1