[Federal Register: August 6, 2008 (Volume 73, Number 152)]
[Proposed Rules]
[Page 45679-45680]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr06au08-25]
=======================================================================
-----------------------------------------------------------------------
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION
48 CFR Parts 1804 and 1852
RIN 2700-AD38
Personal Identity Verification of Contractors
AGENCY: National Aeronautics and Space Administration.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: NASA proposes to revise the NASA FAR Supplement (NFS) to
update procedures for compliance with Federal Acquisition Regulation
(FAR) Subpart 4.13, Personal Identity Verification of Contractor
Personnel. FAR 4.13 requires that agencies include their implementing
guidance of FIPS 201 and OMB guidance M-05-24 in solicitations and
contracts that require the contractor to have routine physical access
to Federally-controlled facilities and/or access to Federally-
controlled information systems. NASA further proposes to designate The
Assistant Administrator, Office of Security and Program Protection as
the official with overall responsibility for verifying contractor
employee personal identity.
DATES: Comments should be submitted on or before October 6, 2008 to be
considered in formulation of the final rule.
ADDRESSES: Interested parties may submit comments, identified by RIN
number 2700-AD38, via the Federal eRulemaking Portal: http://
www.regulations.gov. Follow the instructions for submitting comments.
Comments may also be submitted to Leigh Pomponio, NASA Headquarters,
Office of Procurement, Contract Management Division, Washington, DC
20546. Comments may also be submitted by e-mail to Leigh.Pomponio-
1@nasa.gov.
FOR FURTHER INFORMATION CONTACT: Leigh Pomponio, NASA, Office of
Procurement, Contract Management Division (Room 5K75); (202) 358-4773;
e-mail: Leigh.Pomponio-1@nasa.gov.
SUPPLEMENTARY INFORMATION:
A. Background
Federal Acquisition Circular (FAC 2005-14) implemented a final rule
amending the FAR by addressing the contractor personal identification
requirements in Homeland Security Presidential Directive (HSPD-12),
``Policy for a Common Identification Standard for Federal Employees and
Contractors,'' and Federal Information Processing Standards Publication
(FIPS PUB) Number 201, ``Personal Identity Verification (PIV) of
Federal Employees and Contractors.'' Section 304(A) of the National
Aeronautics and Space Act of 1958, 42 U.S.C., Section 2455, provides
that the NASA Administrator shall establish such security requirements,
restrictions, and safeguards as he deems necessary, and he may arrange
for such personnel investigations of contractor and subcontractor
employees as he deems appropriate. NASA's implementing guidance, to be
used in conjunction with FAR clause 52.204-9, Personal Identity
Verification of Contractor Personnel, is set forth in NASA Interim
Directive (NID) Personal Identity Verification (PIV) Policy and
Procedures, dated May 24, 2007, to NASA Policy Regulation (NPR)-1600.1,
NASA Security Program Procedural Requirements w/Change 1. The purpose
of this proposed rule is to establish a new NFS Subpart 1804.13 to
address NASA PIV requirements.
This is not a significant regulatory action and, therefore, is not
subject to review under Section 6(b) of Executive Order 12866,
Regulatory Planning and Review, dated September 30, 1993. This proposed
rule is not a major rule under 5 U.S.C. 804.
B. Regulatory Flexibility Act
NASA certifies that this proposed rule will not have a significant
economic impact on a substantial number of small entities within the
meaning of the Regulatory Flexibility Act, 5 U.S.C. 601 et seq.,
because it merely implements the FAR Common Identification Standard for
Contractors and does not impose an economic impact beyond that
addressed in the FAC 2005-14 publication of the FAR final rule.
C. Paperwork Reduction Act
The Paperwork Reduction Act (Pub. L. 104-13) is not applicable
because the NFS changes do not impose information collection
requirements that require the approval of the Office of Management and
Budget under 44 U.S.C. 3501, et seq.
List of Subjects in 48 CFR Parts 1804 and 1852
Government procurement.
William P. McNally,
Assistant Administrator for Procurement.
Accordingly, 48 CFR parts 1804 and 1852 are proposed to be amended
as follows:
1. The authority citation for 48 CFR parts 1804 and 1852 continues
to read as follows:
Authority: 42 U.S.C. 2455(a), 2473(c)(1).
PART 1804--ADMINISTRATIVE MATTERS
2. Subpart 1804.13 is added to read as follows:
Subpart 1804.13--Personal Identity Verification of Contractor
Personnel
Sec.
1804.1303 Contract clause.
1804.1303-70 NASA contract clause.
The contracting officer shall insert the clause at 1852.204-77,
NASA Procedures for Personal Identity Verification of Contractor
Personnel, in solicitations and contracts when the Center Chief of
Security has determined that a contractor will require routine access
to Federally-controlled facilities or access to Federally-controlled
information systems. The Center Chief shall make such a determination,
on a case-by-case basis, as part of acquisition planning. Section
1807.104(a) requires the contracting officer to coordinate new
requirements with the security office and cites NASA NPR 1600.1, NASA
Security Program Procedural Requirements, as the procedural document
for identifying and processing
[[Page 45680]]
contractor employees requiring personal identity verification. Clause
1852.204-77 will be used in conjunction with the clause at FAR 52.204-9
Personal Identity Verification of Contractor Personnel.
PART 1852--SOLICITATION PROVISIONS AND CONTRACT CLAUSES
3. Section 1852.204-77 is added to read as follows:
1852.204-77 NASA Procedures for Personal Identity Verification of
Contractor Personnel.
As prescribed in 1804.1303-70, insert the following clause:
NASA PROCEDURES FOR PERSONAL IDENTITY VERIFICATION OF CONTRACTOR
PERSONNEL (XX/XX)
(a) Performance of this contract requires physical access to
Federally-controlled facilities and/or access to Federally-
controlled information systems, as determined by NASA. In accordance
with FAR 52.204-9, Personal Identity Verification of Contractor
Personnel, the Contractor shall comply with NASA Policy Regulation
1600.1, NASA Security Program Procedural Requirements, including all
associated changes and interim directives (referred to hereafter as
``the NPR''). Electronic copies are available at http://
nodis.hq.nasa.gov or from the Contracting Officer. NPR 1600.1
implements Homeland Security Presidential Directive 12 (HSPD-12),
Office of Management and Budget (OMB) guidance M-05-24, as amended,
and Federal Information Processing Standards Publication (FIPS PUB)
Number 201, as amended.
(b) The Contractor must apply for NASA badges for all employees
and subcontractor employees at any tier requiring physical access to
NASA facilities and/or access to Federally-controlled information
systems, following the procedures set forth in the NPR. The
Contractor is responsible for collecting and submitting all requests
for subcontractor badges, regardless of subcontract tier. If
approved by the Center Chief of Security, badges will be issued for
no longer than the contract period of performance inclusive of
options, but not to exceed 5 years. Badge renewal will be required
for additional periods. All personnel issued badges must
conspicuously display the badge above the waistline on the outermost
garment, and must comply with all requirements applicable to badges
in effect at the Center.
(c) NASA will make suitability/access determinations and the
Center Chief of Security or the PIV Authorizer, in accordance with
NPR 1600.1, Section 6.2, will approve the issuance of badges based
upon a background investigation. Criteria for access will be per 5
CFR part 731. At a minimum, a National Agency Check with Written
Inquiries (NACI) will be required. The NPR also specifies higher
level reinvestigation requirements which may be applicable, for
example due to position risk level changes or time since last
investigation.
(d) Other employees who may require access on a non-routine or
infrequent basis are to be identified by the Contractor for approval
and registered on an access list under the control of the Center
security office, as set forth in Center procedures.
(e) Prior to the initiation of contract performance, the
Contractor must designate a person responsible for determining that
an employee (or an employee of a subcontractor at any tier) requires
physical access to NASA-controlled facilities and/or access to
federally-controlled information systems in order to perform work
under the contract. This designated person acts as the Contractor's
``Requestor.'' The Contractor's Requestor will also be responsible
for providing updated information as changes occur during the period
of contract performance (e.g., additions, deletions, and position
risk changes), and for managing all subcontractor requests. The
Contractor's Requestor shall provide a list of names, along with
their position titles and position description summaries to the
following Center point of contact to initiate the personal identity
verification credential process. This information shall be submitted
in sufficient time to allow badge issuance before the employee
requires access to the NASA-controlled facility or access to the
federally-controlled information system. Additional information will
be required subsequent to the initial list, as directed by the
Center Chief of Security.
(Insert Center point of contact)
(f) The Contractor shall include the terms of this clause
(except for paragraph (e)), suitably modified to identify the
parties, in all subcontracts when the subcontractor is required to
have routine physical access to Federally-controlled facilities and/
or access to federally-controlled information systems. The clause
shall not be used when contractors require only intermittent access
to federally-controlled facilities.
(End of clause)
[FR Doc. E8-17951 Filed 8-5-08; 8:45 am]
BILLING CODE 7510-01-P