Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 163 / Thursday, August 26, 2021 / Rules and Regulations
jbell on DSKJLSW7X2PROD with RULES

removal orders are not disproportionate to the scale of the risk at issue.
Finally, one commenter asserted that commercial products and commercialoff-the-shelf COTS items should be excluded from the reach of the FASC
because addressing them through exclusion or removal orders would deprive government of significant innovation and the latest technologies.
The FASC strongly disagrees with that recommendation. The ubiquity of commercial products and COTS items, not only within the Federal Government, but within the private sector as well, means that they are a frequent target of malicious actors seeking to find and capitalize upon technological vulnerabilities. Excluding those items from oversight by the FASC
would undermine the Councils ability to reduce the Federal Governments exposure to supply chain risk. No changes have been made in response to this comment.
V. Procedural Requirements Executive Orders 12866
Classification: This final rule has been designated non-significant and therefore was not reviewed by the Office of Management and Budget under Executive Order 12866.
Regulatory Flexibility Act: Because the FASC was not required to publish a notice of proposed rulemaking for either the interim rule or this final rule under 5 U.S.C. 553, no Regulatory Flexibility Analysis is required. See 5 U.S.C.
603a, 604a.
Congressional Review Act: Pursuant to the Congressional Review Act, 5
U.S.C. 801 et seq., the Office of Information and Regulatory Affairs designated this rule as not a major rule, as defined by 5 U.S.C. 8042.
Unfunded Mandates Reform Act of 1995: This rule does not contain any unfunded mandate or significantly or uniquely affect small governments, as described in the Unfunded Mandates Reform Act of 1995.
Executive Order 13132 Federalism:
This rule does not have Federalism implications as specified in Executive Order 13132.
Executive Order 12630 Governmental Actions and Interference with Constitutionally Protected Property Rights: This rule does not implement policies that have takings implications as identified in Executive Order 12630.
Executive Order 13175 Consultation and Coordination with Indian Tribes:
The rule does not have tribal implications and will not impose substantial direct costs on tribal governments or preempt tribal law as specified by Executive Order 13175.

VerDate Sep<11>2014

16:08 Aug 25, 2021

Jkt 253001

National Environmental Policy Act:
This rule does not require a detailed environmental analysis as the establishment and operation of FASC
will not individually or cumulatively have a significant effect on the human environment 40 CFR 1508.4.
List of Subjects in 41 CFR Part 2011
Computer technology, Cybersecurity, Government procurement, Government technology, Information technology, National security, Security measures, Science and technology, Supply chain, Supply chain risk management.
Christopher DeRusha, Chair, Federal Acquisition Security Council.

For the reasons set out in the preamble, the FASC amends 41 CFR
subtitles D and E as follows:
Subtitle DFederal Acqusition Supply Chain Security 1. Revise the heading to subtitle D to read as set forth above.
2. Add chapter 201, consisting of part 2011, to subtitle D to read as follows:

Chapter 201FEDERAL ACQUISITION
SECURITY COUNCIL

PART 2011GENERAL
REGULATIONS
Subpart AGeneral Sec.
2011.100 Scope.
2011.101 Definitions.
2011.102 Federal Acquisition Security Council FASC.
Subpart BSupply Chain Risk Information Sharing 2011.200 Information sharing agency ISA.
2011.201 Submitting information to the FASC.
Subpart CExclusion and Removal Orders 2011.300 Evaluation of sources and covered articles.
2011.301 Recommendation.
2011.302 Notice of recommendation to source and opportunity to respond.
2011.303 Issuance of orders and related activities.
2011.304 Executive agency compliance with exclusion and removal orders.
Authority: 41 U.S.C. 13211328, 4713.

Subpart AGeneral 2011.100

Scope.

a Applicability. Except as provided in paragraph b of this section, this part applies to the following:
1 The membership and operations of the FASC, including all Federal Government and contractor personnel supporting the FASCs operations;
2 Submission and dissemination of supply chain risk information; and
PO 00000

Frm 00047

Fmt 4700

Sfmt 4700

47587

3 Recommendations for, issuance of, and associated procedures related to removal orders and exclusion orders.
b Clarification of scope. This part does not require the following:
1 Mandatory submission of supply chain risk information by non-Federal entities; or 2 The removal or exclusion of any covered article by non-Federal entities, except to the extent that an exclusion or removal order issued pursuant to subpart C of this part applies to prime contractors and subcontractors to Federal agencies.
2011.101

Definitions.

For the purposes of this part:
Appropriate congressional committees and leadership means:
1 The Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Armed Services, the Committee on Commerce, Science, and Transportation, the Select Committee on Intelligence, and the majority and minority leader of the Senate; and 2 The Committee on Oversight and Government Reform, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Homeland Security, the Committee on Armed Services, the Committee on Energy and Commerce, the Permanent Select Committee on Intelligence, and the Speaker and minority leader of the House of Representatives.
Council or FASC means the Federal Acquisition Security Council.
Covered article means any of the following:
1 Information technology, as defined in 40 U.S.C. 11101, including cloud computing services of all types;
2 Telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 47 U.S.C.
153;
3 The processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program or subsequent U.S. Government program for controlling sensitive unclassified information; or 4 Hardware, systems, devices, software, or services that include embedded or incidental information technology.
Covered procurement means:
1 A source selection for a covered article involving either a performance specification, as provided in subsection a3B of 41 U.S.C. 3306, or an evaluation factor, as provided in subsection b1A of 41 U.S.C. 3306,
E:FRFM26AUR1.SGM

26AUR1