After 6 months
this collection will expire and DoD will need to publish a 60 and
30 day notice.
Inventory as of this Action
Requested
Previously Approved
04/30/2021
6 Months From Approved
13,378
0
0
57,601
0
0
6,727,155
0
0
DoD has a requirement to collect
information from offerors and contractors regarding the status of
their implementation of implement the 110 system security
requirements identified in the National Institute of Standards and
Technology Special Publication (NIST SP) 800-171 on their
information systems that process controlled unclassified
information (CUI). This information is being collected through
either a contractor’s submission of a Basic self-assessment in
DoD’s Supplier Performance Risk System, or a Medium or High
assessment of contractors conducted by DoD assessors. Results of a
NIST SP 800-171 DoD Assessment reflect the net effect of NIST SP
800-171 security requirements not yet implemented by a
contractor.
DoD is issuing an interim rule
amending the DFARS to implement to NIST SP 800-171 DoD Strategic
Assessment Methodology. The rule provides a new solicitation
provision and contract clause for use in all acquisitions,
excluding those exclusively for commercially available
off-the-shelf items. Per the new provision, offerors that are
required to have implemented NIST SP 800-171 per DFARS clause
252.204-7012, must have at minimum a current "Basic"
self-assessment for each covered contractor information system in
order to be considered for award. Per the new contract clause, if
necessary, certain contractors may be required to provide
documentation and demonstrate their implementation of the cyber
security requirements during a "Medium" or "High" assessment
conducted by DoD assessors
$9,536,160
No
No
No
No
No
No
No
Jennifer Hawes 571 372-6115
jennifer.l.hawes2.civ@mail.mil
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.