[Federal Register Volume 80, Number 204 (Thursday, October 22, 2015)]
[Rules and Regulations]
[Pages 63928-63929]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-26887]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Acquisition Regulations System

48 CFR Parts 202, 204, 212, 239, and 252

[Docket No. DARS-2015-0039]
RIN 0750-AI61


Defense Federal Acquisition Regulation Supplement: Network 
Penetration Reporting and Contracting for Cloud Services (DFARS Case 
2013-D018)

AGENCY: Defense Acquisition Regulations System, Department of Defense 
(DoD).

ACTION: Interim rule; extension of comment period.

-----------------------------------------------------------------------

SUMMARY: DoD issued an interim rule (DFARS Case 2013-D018) on August 
26, 2015, amending the Defense Federal Acquisition Regulation 
Supplement (DFARS) to implement a section of the National Defense 
Authorization Act for Fiscal Year 2013 and a section of the National 
Defense Authorization Act for Fiscal Year 2015, both of which require 
contractor reporting on network penetrations. The comment period on the 
interim rule is being extended to November 20, 2015.

DATES: For the interim rule published on August 26, 2015 (80 FR 51739), 
submit comments by November 20, 2015.

ADDRESSES: Submit comments identified by DFARS Case 2013-D018, using 
any of the following methods:

[[Page 63929]]

    [cir] Regulations.gov: http://www.regulations.gov. Submit comments 
via the Federal eRulemaking portal by entering ``DFARS Case 2013-D018'' 
under the heading ``Enter keyword or ID'' and selecting ``Search.'' 
Select the link ``Submit a Comment'' that corresponds with ``DFARS Case 
2013-D018.'' Follow the instructions provided at the ``Submit a 
Comment'' screen. Please include your name, company name (if any), and 
``DFARS Case 2013-D018'' on your attached document.
    [cir] Email: [email protected]. Include DFARS Case 2013-D018 in 
the subject line of the message.
    [cir] Fax: 571-372-6094.
    [cir] Mail: Defense Acquisition Regulations System, Attn: Mr. 
Dustin Pitsch, OUSD(AT&L)DPAP/DARS, Room 3B855, 3060 Defense Pentagon, 
Washington, DC 20301-3060.
    Comments received generally will be posted without change to http://www.regulations.gov, including any personal information provided. To 
confirm receipt of your comment(s), please check www.regulations.gov, 
approximately two to three days after submission to verify posting 
(except allow 30 days for posting of comments submitted by mail).

FOR FURTHER INFORMATION CONTACT: Mr. Dustin Pitsch, telephone 571-372-
6090.

SUPPLEMENTARY INFORMATION: 

I. Background

    On August 26, 2015, DoD published an interim rule (DFARS Case 2013-
D018) in the Federal Register at 80 FR 51739 revising the DFARS to 
implement section 941 of the National Defense Authorization Act (NDAA) 
for Fiscal Year (FY) 2013 (Pub. L. 112-239) and section 1632 of the 
NDAA for FY 2015 (Pub. L. 113-291). Section 941 requires cleared 
defense contractors to report penetrations of networks and information 
systems and allows DoD personnel access to equipment and information to 
assess the impact of reported penetrations. Section 1632 requires that 
a contractor designated as operationally critical must report each time 
a cyber incident occurs on that contractor's network or information 
systems. This rule also implements DoD policies and procedures for use 
when contracting for cloud computing services.
    The due date for comments on the interim rule (DFARS Case 2013-
D018) is being extended from October 26, 2015 to November 20, 2015, to 
provide additional time for interested parties to submit comments on 
the interim rule.

List of Subjects in 48 CFR Parts 202, 204, 212, 239, and 252

    Government procurement.

Jennifer L. Hawes,
Editor, Defense Acquisition Regulations System.
[FR Doc. 2015-26887 Filed 10-21-15; 8:45 am]
 BILLING CODE 6820-EP-P