[Federal Register Volume 86, Number 173 (Friday, September 10, 2021)]
[Proposed Rules]
[Pages 50689-50693]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-18866]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

48 CFR Parts 501, 502, 511, 539, 552, and 570

[GSAR Case 2016-G511; Docket No. 2021-0018; Sequence No. 1]
RIN 3090-AJ84


General Services Acquisition Regulation (GSAR); GSAR Case 2016-
G511, Contract Requirements for GSA Information Systems

AGENCY: Office of Acquisition Policy, General Services Administration 
(GSA).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: GSA is proposing to amend the General Services Administration 
Acquisition Regulation (GSAR) to streamline and update requirements for 
contracts that involve GSA information systems. The revision of GSA's 
cybersecurity and other information technology requirements will lead 
to the elimination of a duplicative and outdated provision and clause 
from the GSAR. The proposed rule will replace the outdated text with 
existing policies of the GSA Office of the Chief Information Officer 
(OCIO) and provide centralized guidance to ensure consistent 
application across the organization. The updated GSA policy will align 
cybersecurity requirements based on the items being procured by 
ensuring contract requirements are coordinated with GSA's Chief 
Information Security Officer.

DATES: Interested parties should submit written comments to the 
Regulatory Secretariat at one of the addresses shown below on or before 
November 9, 2021 to be considered in the formation of the final rule.

ADDRESSES: Submit comments in response to GSAR case 2016-G511 to: 
Regulations.gov: http://www.regulations.gov. Submit comments via the 
Federal eRulemaking portal by searching for ``GSAR Case 2016-G511''. 
Select the link ``Comment Now'' that corresponds with GSAR Case 2016-
G511. Follow the instructions provided at the ``Comment Now'' screen. 
Please include your name, company name (if any), and ``GSAR Case 2016-
G511'' on your attached document. If your comment cannot be submitted 
using https://www.regulations.gov, call or email the points of contact 
in the FOR FURTHER INFORMATION CONTACT section of this document for 
alternate instructions.
    Instructions: Please submit comments only and cite GSAR Case 2016-
G511 in all correspondence related to this case. Comments received 
generally will be posted without change to https://www.regulations.gov, 
including any personal and/or business confidential information 
provided. To confirm receipt of your comment(s), please check https://www.regulations.gov approximately two-to-three days after submission to 
verify posting.

FOR FURTHER INFORMATION CONTACT: Ms. Johnnie McDowell, Procurement 
Analyst, at 202-718-6112 or [email protected], for clarification of 
content. For information pertaining to status or publication schedules, 
contact the Regulatory Secretariat Division at 202-501-4755 or 
[email protected]. Please cite GSAR Case 2016-G511.

SUPPLEMENTARY INFORMATION:

I. Background

    GSA's cybersecurity requirements mandate that contractors protect 
the confidentiality, integrity, and availability of unclassified GSA 
information and information systems from cybersecurity vulnerabilities 
and threats. This rule will require contracting officers to incorporate 
applicable GSA cybersecurity requirements within the statement of work 
to ensure compliance with Federal cybersecurity requirements and 
implement best practices for preventing cyber incidents. These GSA 
requirements mandate applicable controls and standards (e.g., U.S. 
National Institute of Standards and Technology, U.S. National Archives 
and Records Administration Controlled Unclassified Information 
standards).
    In general, the proposed changes are necessary to bring long-
standing GSA information system practices into the GSAR, consolidating 
policy into one area. Because of that consolidation, contractors may 
need less time and fewer resources to read and understand all the 
requirements relevant to their contract.
    GSA is proposing to amend the GSAR to revise sections of GSAR part 
511, Describing Agency Needs, part 539, Acquisition Information 
Technology, and other related parts; to maintain consistency with the 
Federal Acquisition Regulation (FAR); and to incorporate and 
consolidate existing cybersecurity and other information technology 
requirements previously implemented through various Office of the Chief 
Information Officer (OCIO) or agency policies.

II. Authority for This Rulemaking

    Title 40 of the United States Code (U.S.C.) Section 121 authorizes 
GSA to issue regulations, including the GSAR, to control the 
relationship between GSA and contractors.

III. Discussion and Analysis

    The proposed rule changes fall into three categories: (1) 
Streamlining existing agency information technology (IT) security 
policies previously issued through the OCIO into one consolidated 
cybersecurity requirements policy titled CIO IT Security Procedural 
Guide 09-48: Security and Privacy Requirements for IT Acquisition 
Efforts; (2) consolidating existing agency non-security IT policies 
previously issued through the OCIO into one streamlined requirements 
policy titled CIO 12-2018: IT Policy Requirements Guide; and (3) 
eliminating the GSAR provision 552.239-70, Information Technology 
Security Plan and Security Authorization, and GSAR clause 552.239-71, 
Security Requirements for Unclassified Information Technology 
Resources. The changes to the GSAR included in this proposed rule are 
summarized below:

1. Streamlining IT Security Policies Into CIO IT Security Procedural 
Guide 09-48: Security and Privacy Requirements for IT Acquisition 
Efforts

    GSA's internal information systems policies will be incorporated 
into subpart 511.171, Requirements for GSA Information Systems, 
requiring GSA contracting officers to:
     Incorporate the applicable sections or complete version of 
the CIO IT Security Procedural Guide 09-48: Security and Privacy 
Requirements for IT Acquisition Efforts, and CIO 12-2018, IT Policy 
Requirements Guide, into GSA solicitations (i.e., Statement of Work, or 
equivalent); and
     Coordinate with the GSA OCIO for applicable procurements.
    The new guidance will also establish a waiver process for cases 
where it is not effective from a cost or timing standpoint or where it 
is unreasonably burdensome.
    The streamlining of the policy into subpart 511.171 will also 
replace the general instruction found in GSAR 511.102, Security of 
Information Data, with more detailed instruction, and

[[Page 50690]]

better aligns the GSAR with language in the FAR.
    The streamlining of security IT policies into CIO IT Security 
Procedural Guide 09-48: Security and Privacy Requirements for IT 
Acquisition Efforts means the:
     Requirements outlined in the numerous OCIO security, 
privacy, and other information system policies are succinctly stated in 
a centralized policy.
     Burden on contractors for understanding and implementing 
the applicable requirements for GSA information systems will be 
significantly reduced due to the elimination of outdated policies.
     Contract administration will be simplified by 
consolidating the IT security requirements in one location.

2. Consolidating Non-Security IT Policies Into CIO 12-2018 IT Policy 
Requirements Guide

    The consolidating of OCIO non-security IT policies into CIO 12-2018 
IT Policy Requirements Guide, will reduce the burden for GSA 
contractors and ensure contractors understand and can easily comply 
with GSA's OCIO non-security requirements. In addition, the creation of 
one central acquisition policy guide covering applicable non-security 
information technology requirements will save time and effort for both 
contractors and the Government to understand and implement these 
requirements.

3. Eliminating GSAR Provision and Clause

    The analysis of GSA's IT and relevant policies will lead to the 
elimination of GSAR provision 552.239-70, Information Technology 
Security Plan and Security Authorization, and GSAR clause 552.239-71, 
Security Requirements for Unclassified Information Technology 
Resources. The elimination of the provision and clause means 
duplicative, outdated, and complex requirements imposed by them will be 
deleted from the GSAR and incorporated into the two policies. This new 
approach provides a more detailed explanation of the requirements for 
the Government and the public.

IV. Regulatory Cost Analysis

    The current GSAR coverage does not clearly include all GSA 
information system requirements contained in existing OCIO policies. 
This rule will bring long standing GSA information system practices 
into the GSAR and consolidate all relevant policies into one area. As a 
result, contractors can expend less time and fewer resources reading 
and understanding all the requirements relevant to their contract in 
order to fully comply with the requirements.
    In addition, streamlining existing requirements for GSA information 
systems into two contractor focused policies, CIO 09-48 and CIO 12-
2018, will reduce the number of requirements that contractors must 
implement, and the Government must validate through contract 
administration, saving time and effort for both contractors and the 
Government.
    The costs and impacts to streamline and consolidate IT security and 
non-security policies are discussed in the analysis below. The analysis 
was developed in consultation with the GSA Office of the Chief 
Information Officer (OCIO).

Explanation of Data Source and Cost Calculation

    The associated costs were calculated by analyzing data from the 
beta.SAM formerly known as the Federal Procurement Data System New 
Generation (FPDS-NG) for GSA information system contracts completed in 
Fiscal Years 2017-2020. The report provides information on GSA 
contracts and task orders valued at $25,000 or more awarded using the 
Product Service Code (PSC) ``D--ADP and Telecommunication Services'' 
from beta.SAM. According to beta.SAM, the average number of new 
contract actions involving access to GSA's information system was 132, 
of which 48 percent, or 63 entities, were small business entities. The 
following paragraphs detail activities which are required by this rule 
for contractors using GSA's internal information systems:
1. Familiarize Business Staff With CIO 09-48: Security and Privacy 
Requirements for IT Acquisition Efforts
    GSA estimates that contractors having to access GSA's internal 
information systems will take 2 hours to familiarize themselves with 
CIO 09-48 IT Security Procedural Guide: Security and Privacy 
Requirements for IT Acquisition Efforts. The 2 hours estimation is 
based on research findings which indicate that the requirements listed 
in CIO IT Security Procedural Guide 09-48: Security and Privacy 
Requirements for IT Acquisition Efforts are: (1) Similar to those 
imposed by other Federal agencies, (2) required by Federal laws and 
guidance such as the Federal Information Security Modernization Act 
(FISMA), Office of Management and Budget Circulars, and NIST 
publications, and (3) outlined in the original CIO 09-48 policy and its 
supplements before the updates. The consistency with the majority of 
the requirements reduces the time industry will need to familiarize 
themselves with the updated policy. GSA estimates the regulatory cost 
for this part of the rule to be $26,422 (= 2 hours x $100.08 x 132 
(rounded)).\1\
---------------------------------------------------------------------------

    \1\ The $100.08 hourly is the 2021 GS rate for a GS-13 Step 5 
(using the rate for the rest of the United States) burdened by 100% 
for fringe benefits.
---------------------------------------------------------------------------

2. Familiarize Business Staff With CIO 12-2018: GSA IT Policy 
Requirements Guide
    GSA estimates that contractors having to access GSA's internal 
information systems will take 2 hours to familiarize themselves with 
CIO 12-2018 IT Policy Requirements. The 2 hours estimation is based on 
research findings which indicate that the non-security IT requirements 
are similar to those implemented by other federal agencies and was part 
of GSA many policy requirements in previous years. GSA estimates the 
total regulatory cost for this part of the rule to be $26,422 (= 2 
hours x $100.08 x 132 (rounded)).\2\
---------------------------------------------------------------------------

    \2\ See footnote 1.
---------------------------------------------------------------------------

3. Develop Business Procedures To Comply With CIO 09-48
    Under GSA's IT policies, new contract actions may need to develop 
an IT plan and supplements to comply with GSA internal information 
systems security requirements. GSA estimates that it will take 1 hour 
to fully develop the policies as required by CIO 09-48 GSA IT Security 
Procedural Guide: Security and Privacy Requirements for IT Acquisition 
Efforts. The 1 hour estimation is based on the GSA's provision that 
allows contractors to use GSA's policies to develop contractor-specific 
policies. Developing the IT plan and supplement documents will result 
in a total estimated cost for this part of the rule of 13,211 (= 1 hour 
x $100.08 x 132 (rounded)).\3\
---------------------------------------------------------------------------

    \3\ See footnote 1.
---------------------------------------------------------------------------

4. Develop Business Procedures To Comply With CIO 12-2018
    Under GSA's IT policies new contract actions may need to develop, 
at a minimum, an IT Plan which includes non-security IT. GSA estimates 
that it will take 1 hour to comply with CIO 12-2018 GSA IT Policy 
Requirements Guide. The 1 hour estimate is based on the contractor's 
ability to use GSA's policies to develop their own policies and 
procedures to comply with the requirements of FISMA as incorporated in 
the GSA's IT policies. The total estimated cost for this part of the 
rule is $13,211 (= 1 hour x $100.08 x 132 (rounded)).\4\
---------------------------------------------------------------------------

    \4\ See footnote 1.

---------------------------------------------------------------------------

[[Page 50691]]

5. Recordkeeping To Comply With CIO 09-48
    GSA estimates that contractors accessing GSA's internal information 
systems will take 1 hour to maintain records including the updating IT 
Plans and procedures, as needed. GSA estimated the total regulatory 
cost for this part of the rule to be $13,211 (= 1 hour x $100.08 x 132 
(rounded)).\5\
---------------------------------------------------------------------------

    \5\ See footnote 1.
---------------------------------------------------------------------------

6. Recordkeeping To Comply With CIO 12-2018
    GSA estimates that contractor's accessing GSA's internal 
information systems will take 1 hour to maintain records. GSA 
calculated the total estimated cost for this part of the rule to be 
$13,211 (= 1 hour x $100.08 x 132 (rounded)).\6\
---------------------------------------------------------------------------

    \6\ See footnote 1.
---------------------------------------------------------------------------

Total Regulatory Cost

    The total cost of the above Cost Estimate is $72,000 in the first 
year after publication.
    The total cost of the above Cost Estimate in subsequent years is 
$18,000 annually.
    The following is a summary of the estimated total regulatory cost 
calculated into perpetuity at a 7-percent discount rate:

 
 
 
Present Value Costs.....................................        $451,536
Annualized Costs........................................          31,608
 

V. Executive Orders 12866 and 13563

    Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess 
all costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). E.O. 
13563 emphasizes the importance of quantifying both costs and benefits, 
of reducing costs, of harmonizing rules, and of promoting flexibility. 
The Office of Management and Budget (OMB) anticipates that this will 
not be a significant regulatory action and, therefore, will not be 
subject to review under section 6(b) of E.O. 12866, Regulatory Planning 
and Review, dated September 30, 1993.

VI. Congressional Review Act

    The Congressional Review Act, 5 U.S.C. 801 et seq., as amended by 
the Small Business Regulatory Enforcement Fairness Act of 1996, 
generally provides that before a ``major rule'' may take effect, the 
agency promulgating the rule must submit a rule report, which includes 
a copy of the rule, to each House of the Congress and to the 
Comptroller General of the United States. OMB anticipates that this 
will not be a major rule under 5 U.S.C. 804.

VII. Regulatory Flexibility Act

    GSA does not expect this rule to have a significant economic impact 
on a substantial number of small business entities within the meaning 
of the Regulatory Flexibility Act, at 5 U.S.C. 601, et seq., because 
the rule will incorporate the minimum requirements consistent with 
applicable laws, Executive orders, and prudent business practices for 
securing Government information systems. In addition, the requirements 
are similar to those currently in use in GSA information systems 
solicitations and contracts, and contractors are familiar with and are 
currently complying with these requirements. The Initial Regulatory 
Flexibility Analysis (IRFA) has been performed, and is summarized as 
follows:
    GSA is proposing to amend the General Services Administration 
Acquisition Regulation (GSAR) to codify the proposed streamlined and 
consolidated requirements for contract actions that involve accessing 
GSA's information systems. GSA's policies on cybersecurity and other 
information technology requirements have been previously implemented 
through various Office of the Chief Information Officer (OCIO) policies 
separately disseminated to the workforce. Contractors have already been 
performing the majority of the requirements.
    The objective of the rule is to formalize the proposed changes to 
the existing guidance for contracts involving GSA information systems. 
The rule also allows GSA to vet these existing information technology 
requirements to the public for comment.
    The rule requires contractors to comply with applicable 
requirements contained in CIO 09-48 GSA IT Security Procedural Guide: 
Security and Privacy Requirements for IT Acquisition Efforts and CIO 
12-2018, IT Policy Requirements Guide. The legal basis for the rule is 
40 U.S.C. 121(c), 10 U.S.C. chapter 137, and 51 U.S.C. 20113.
    The rule applies to large and small businesses, which are awarded 
contracts involving GSA information systems. Information generated from 
the beta.SAM, formerly FPDS, for Fiscal Years 2017-2020 has been used 
as the basis for estimating the number of contractors that may involve 
GSA information systems as a requirement of their contract. The 
analysis focused on contracts in the Product Service Code (PSC) 
category D-Information and Technology and Telecommunications.
    Examination of this data revealed there was an average of 132 new 
contracts awarded in the targeted PSC for fiscal year (FY) 2017-2020. 
Of these contract actions, 63 or 48 percent were small businesses. The 
number of potential subcontractors in the selected PSC to which the 
requirements would flow down was calculated by using a ratio of 0.3:1, 
subcontractors to prime contractors (including other than small 
businesses), which equates to 44 annual subcontractors, of which GSA 
estimates that 75 percent would be small businesses (i.e., 33). 
Therefore, the total number of small businesses, including prime 
contractors and subcontractors, impacted annually would be 96.
    This rule will consolidate requirements currently used in 
solicitations and contracts involving GSA information systems and does 
not implement new requirements. In addition, the rule establishes a 
waiver process for cases where it is not cost effective or where it is 
unreasonably burdensome.
    The rule involves reporting and recordkeeping that are currently 
covered under OMB Control Number 3090-0300. This rule does not include 
any new reporting, recordkeeping, or other compliance requirements for 
small businesses.
    The rule does not duplicate, overlap, or conflict with any other 
Federal rules.
    There are no known alternatives to this rule which would accomplish 
the stated objectives. This rule does not initiate or impose any new 
administrative or performance requirements on small business 
contractors because the policies are already being followed and comply 
with all applicable Federal laws regarding Federal IT systems. The rule 
will allow the policies to be codified.
    The Regulatory Secretariat Division will be submitting a copy of 
the IRFA to the Chief Counsel for Advocacy of the Small Business 
Administration. A copy of the IRFA may be obtained from the Regulatory 
Secretariat Division. GSA invites comments from small business concerns 
and other interested parties on the expected impact of this rule on 
small business entities.
    GSA will also consider comments from small business entities 
concerning the existing regulations in subparts affected by the rule in 
accordance with 5 U.S.C. 610. Interested parties must submit such 
comments separately and should cite 5 U.S.C. 610 (FAR Case 2016-G511), 
in correspondence.

[[Page 50692]]

VIII. Paperwork Reduction Act

    The Paperwork Reduction Act (44 U.S.C. Chapter 35) does apply 
because the rule contains procedures with information collection 
requirements. However, these procedures do not impose additional 
information collection requirements to the paperwork burden previously 
approved under an existing OMB Control Number 3090-0300.
    Requesters may obtain a copy of the information collection 
documents from the GSA Regulatory Secretariat Division, by calling 202-
501-4755 or emailing [email protected] Please cite OMB Control No. 
3090-0300, Implementation of Information Technology Security Provision, 
in all correspondence.

List of Subjects in 48 CFR Parts 501, 502, 511, 539, 552, and 570

    Government procurement.

Jeffrey A. Koses,
Senior Procurement Executive, Office of Acquisition Policy, Office of 
Government-wide Policy, General Services Administration.

    Therefore, GSA proposes amending 48 CFR parts 501, 502, 511, 539, 
552, and 570 as set forth below:

PART 501--GENERAL SERVICES ADMINISTRATION ACQUISITION REGULATION 
SYSTEM

0
1. The authority citation for 48 CFR part 501 continues to read as 
follows:

    Authority: 40 U.S.C. 121(c).

0
2. In section 501.106, amend table 1 by--
0
a. Adding an entry for ``511.171'' in numerical order; and
0
b. Removing the entry for ``552.239-71''.
    The addition reads as follows:


501.106   OMB approval under the Paperwork Reduction Act.

* * * * *

                           Table 1 to 501.106
------------------------------------------------------------------------
                                                            OMB control
                     GSAR reference                             No.
------------------------------------------------------------------------
 
                                * * * * *
511.171.................................................       3090-0300
 
                                * * * * *
------------------------------------------------------------------------

PART 502--DEFINITIONS OF WORDS AND TERMS

0
3. The authority citation for 48 CFR part 502 continues to read as 
follows:

    Authority: 40 U.S.C. 121(c).

0
4. Amend section 502.101 by adding, in alphabetical order, the 
definitions of ``GSA Information System'' and ``Information System'' to 
read as follows:


502.101   Definitions.

* * * * *
    GSA Information System means an information system used or operated 
by the U.S. General Services Administration (GSA) or by a contractor or 
other organization on behalf of the U.S. General Services 
Administration including:
    (1) Cloud information system means information systems developed 
using cloud computing. Cloud computing is a model for enabling 
ubiquitous, convenient, on-demand network access to a shared pool of 
configurable computing resources (e.g., networks, servers, storage, 
applications) that can be rapidly provisioned and released with minimal 
management effort or service provider interaction. Cloud information 
systems include Infrastructure as a Service (IaaS), Platform as a 
Service (PaaS), or Software as a Service (SaaS). Cloud information 
systems may connect to the GSA network.
    (2) External information system means information systems that 
reside in contractor facilities and typically do not connect to the GSA 
network. External information systems may be government-owned and 
contractor-operated or contractor-owned and -operated on behalf of GSA 
or the Federal Government (when GSA is the managing agency).
    (3) Internal information system means information systems that 
reside on premise in GSA facilities and may connect to the GSA network. 
Internal systems are operated on behalf of GSA or the Federal 
Government (when GSA is the managing agency).
    (4) Low Impact Software as a Service (LiSaaS) System means cloud 
applications that are implemented for a limited duration, considered 
low impact and would cause limited harm to GSA if breached.
    (5) Mobile application means a type of application software 
designed to run on a mobile device, such as a smartphone or tablet 
computer.
    Information System means a discrete set of information resources 
organized for the collection, processing, maintenance, use, sharing, 
dissemination, or disposition of information.

PART 511--DESCRIBING AGENCY NEEDS

0
5. The authority citation for 48 CFR part 511 continues to read as 
follows:

    Authority: 40 U.S.C. 121(c).

0
6. Add section 511.171 to read as follows:


511.171   Requirements for GSA Information Systems.

    (a) General Service Administration (GSA) requirements. For GSA 
procurements (contracts, actions, or orders) that may involve GSA 
Information Systems, excluding GSA's government-wide contracts (e.g., 
Federal Supply Schedules and Governmentwide Acquisition Contracts), the 
contracting officer shall incorporate the applicable sections of the 
following policies in the Statement of Work, or equivalent:
    (1) CIO 09-48, IT Security Procedural Guide: Security and Privacy 
IT Acquisition Requirements; and
    (2) CIO 12-2018, IT Policy Requirements Guide.
    (b) CIO (Chief Information Officer) coordination. The contracting 
officer shall coordinate with GSA's information technology (IT) point 
of contact to identify possible CIO policy inclusions prior to 
publication of a Statement of Work, or equivalent. In addition, 
contracting officers shall review the Security Considerations section 
of the acquisition plan to identify if the CIO policies apply. The CIO 
policies and GSA IT points of contact are available on the Acquisition 
Portal at https://insite.gsa.gov/itprocurement.
    (1) The contracting officer will be responsible for documenting the 
date of request for GSA IT coordination.
    (2) If no response is received within 10 business days of the 
request, the contracting officer will document that fact in the 
contract file and proceed with the publication of the Statement of Work 
or equivalent.
    (3) The contracting officer may grant an extension of this time 
period, if requested by GSA IT.
    (c) Waivers. (1) In cases where it is not effective in terms of 
cost or time or where it is unreasonably burdensome to include CIO 09-
48, IT Security Procedural Guide: Security and Privacy IT Acquisition 
Requirements or CIO 12-2018, IT Policy Requirements Guide in a contract 
or order, a waiver may be granted by the Acquisition Approving Official 
as identified in the thresholds listed at 507.103(b), the Information 
System Authorizing Official, and the GSA IT Approving Official.
    (2) The waiver request must provide the following information--

[[Page 50693]]

    (i) The description of the procurement and GSA Information Systems 
involved;
    (ii) Identification of requirement requested for waiver;
    (iii) Sufficient justification for why the requirement should be 
waived; and
    (iv) Any residual risks posed by waiving the requirement.
    (3) Waivers must be documented in the contract file.
    (d) Classified information. For any procurements that may involve 
access to classified information or a classified information system, 
see subpart 504.4 for additional requirements.

PART 539--[REMOVED AND RESERVED]

0
7. Under the authority of 40 U.S.C. 121(c), remove and reserve part 
539.

PART 552--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

0
8. The authority citation for 48 CFR part 552 continues to read as 
follows:

    Authority: 40 U.S.C. 121(c).

Section 552.239-70   [Removed and Reserved]

0
9. Remove and reserve section 552.239-70.

PART 570--ACQUIRING LEASEHOLD INTERESTS IN REAL PROPERTY

0
10. The authority citation for 48 CFR part 570 continues to read as 
follows:

    Authority: 40 U.S.C. 121(c).

0
11. In section 570.101, revise the table in paragraph (b) to read as 
follows:


570.101   Applicability.

* * * * *
    (b) * * *

   Table 1 to Paragraph (b)--GSAR Rules Applicable to Acquisitions of
                  Leasehold Interests in Real Property
------------------------------------------------------------------------
 
------------------------------------------------------------------------
            501         515.209-70             519.12           536.271
            502            515.305            522.805             537.2
            503            517.202            522.807               539
          509.4            517.207            538.270               552
        514.407              519.7                533               553
------------------------------------------------------------------------

* * * * *
[FR Doc. 2021-18866 Filed 9-9-21; 8:45 am]
BILLING CODE 6820-61-P