[Federal Register Volume 67, Number 233 (Wednesday, December 4, 2002)]
[Proposed Rules]
[Page 72121]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-30652]


=======================================================================
-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

14 CFR Part 1260

RIN 2700-AC53


NASA Grant and Cooperative Agreement Handbook--Security 
Requirements for Unclassified Information Technology Resources

AGENCY: National Aeronautics and Space Administration.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This is a proposed rule to amend the NASA Grant and 
Cooperative Agreement Handbook to require recipients of grants and 
cooperative agreements to provide adequate security for all Agency 
information collected, processed, transmitted, stored, or disseminated 
through information technology. This would extend the coverage 
applicable to NASA contractors to recipients of grants and cooperative 
agreements.

DATES: Comments should be submitted on or before February 3, 2003.

ADDRESSES: Interested parties should submit written comments to Paul 
Brundage, NASA Headquarters, Office of Procurement, Analysis Division 
(Code HC), Washington, DC 20546. Comments may also be submitted by 
email to: [email protected].

FOR FURTHER INFORMATION CONTACT: Paul Brundage, NASA Headquarters, Code 
HC, Washington, DC (202) 358-0481, e-mail: [email protected].

SUPPLEMENTARY INFORMATION:

A. Background

    The Computer Security Act of 1987 and Appendix III of the Office of 
Management and Budget (OMB) Circular No. A-130, Security of Federal 
Automated Information Resources, require that adequate security be 
provided for all Agency information collected, processed, transmitted, 
stored, or disseminated. The NASA FAR Supplement (NFS) Part 1804 
contains the requirement for all NASA contractors to comply with 
Federal and NASA policies in safeguarding unclassified NASA data held 
via information technology (IT). This change would establish comparable 
coverage for grants and cooperative agreements.
    This is not a significant regulatory action, and therefore, was not 
subject to review under Section 6(b) of Executive Order 12866, 
Regulatory Planning and Review, dated September 30, 1993. This rule is 
not a major rule under 5 U.S.C. 804.

B. Regulatory Flexibility Act

    NASA certifies that this proposed rule will not have a significant 
economic impact on a substantial number of small entities within the 
meaning of the Regulatory Flexibility Act, 5 U.S.C. 601 et seq., 
because the changes will affect an insignificant number of grants and 
cooperative agreements.

C. Paperwork Reduction Act

    An Office of Management and Budget (OMB) approval for data 
collection has previously been approved under OMB Control No. 2700-
0098.

List of Subjects in 14 CFR Part 1260

    Grant Programs--Science and Technology.

Tom Luedtke,
Assistant Administrator for Procurement.

    Accordingly, 14 CFR Part 1260 is proposed to be amended as follows:
    1. The authority citation for 14 CFR 1260 continues to read as 
follows:

    Authority: 42 U.S.C. 2473(c)(1), Pub. L. 97-258, 96 Stat. 1003 
(31 U.S.C. 6301, et seq.), and OMB Circular A-110.

PART 1260--GRANTS AND COOPERATIVE AGREEMENTS

    2. Amend section 1260.50 by adding paragraph (f) to read as 
follows:


Sec.  1260.50  Special conditions.

* * * * *
    (f) Security requirements for unclassified information technology 
resources. Under NASA grants and cooperative agreements, recipients 
normally do not collect, process, transmit, store, or disseminate 
unique Agency data of substantial value using information technology. 
However, if it is known that a grant or cooperative agreement will 
include such use of information technology, the NASA Grant Officer 
shall insert a provision substantially the same as Sec.  1274.937. When 
such use of information technology is not originally anticipated in the 
performance of a grant, but it later becomes appropriate, the NASA 
Technical Officer shall immediately notify the NASA Grant Officer 
before such use of information technology occurs, and the NASA Grant 
Officer shall amend the grant to include a provision substantially the 
same as Sec.  1274.937. NASA policies and procedures on security for 
automated information technology are prescribed in NPD 2810.1, Security 
of Information Technology, and in NPG 2810.1, Security of Information 
Technology.

[FR Doc. 02-30652 Filed 12-3-02; 8:45 am]
BILLING CODE 7510-01-P