[Federal Register Volume 89, Number 78 (Monday, April 22, 2024)]
[Notices]
[Pages 29313-29314]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-08476]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[Docket ID: DoD-2024-OS-0035]
Proposed Collection; Comment Request
AGENCY: Office of the Under Secretary of Defense for Intelligence and
Security (OUSD(I&S)), Department of Defense (DoD).
ACTION: 60-day information collection notice.
-----------------------------------------------------------------------
SUMMARY: In compliance with the Paperwork Reduction Act of 1995, the
Defense Counterintelligence and Security Agency (DCSA) announces a
proposed public information collection and seeks public comment on the
provisions thereof. Comments are invited on: whether the proposed
collection of information is necessary for the proper performance of
the functions of the agency, including whether the information shall
have practical utility; the accuracy of the agency's estimate of the
burden of the proposed information collection; ways to enhance the
quality, utility, and clarity of the information to be collected; and
ways to minimize the burden of the information collection on
respondents, including through the use of automated collection
techniques or other forms of information technology.
DATES: Consideration will be given to all comments received by June 21,
2024.
ADDRESSES: You may submit comments, identified by docket number and
title, by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov. Follow the
instructions for submitting comments.
Mail: Department of Defense, Office of the Assistant to the
Secretary of Defense for Privacy, Civil Liberties, and Transparency,
4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350-
1700.
Instructions: All submissions received must include the agency
name, docket number and title for this Federal Register document. The
general policy for comments and other submissions from members of the
public is to make these submissions available for public viewing on the
internet at http://www.regulations.gov as they are received without
change, including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: To request more information on this
proposed information collection or to obtain a copy of the proposal and
associated collection instruments, please write to the Defense
Counterintelligence and Security Agency, 27130 Telegraph Rd., Quantico,
VA, 22134, ATTN: Ms. Stepheny Fanning, (571) 305-6243.
SUPPLEMENTARY INFORMATION:
Title; Associated Form; and OMB Number: Certificate Pertaining to
Foreign Interests; SF-328; OMB Control Number 0704-0579.
Needs and Uses: This information collection requirement is
necessary to support the execution of 32 CFR part 117, ``National
Industrial Security Program (NISPOM),'' dated December 21, 2020 or
equivalent. Executive Order (E.O.) 12829, as amended, ``National
Industrial Security Program (NISP)'', section 202 (a) stipulates that
the Secretary of Defense serves as the Executive Agent for inspecting
and monitoring the contractors, licensees, and grantees who require or
will require access to, or who store or will store classified
information; and for determining eligibility for access to classified
information of contractors, licensees, and grantees and their
respective employees. Section 202 (e) also authorizes the Executive
Agent to issue, after consultation with affected agencies, standard
forms that will promote the implementation of the NISP.
Executive Order 12829 was amended by Executive Order 13691, adding
the Secretary of Homeland Security as the fifth Cognizant Security
Agency. Section 202 (d) of E.O. 12829 stipulates that the Secretary of
Homeland security may determine the eligibility for access to
Classified National Security Information of contractors, licensees and
grantees and their respective employees under a designated critical
infrastructure protection program, including parties to agreements with
such programs. The Secretary of Homeland Security also may inspect and
monitor the contractors, grantees or licensees and facilities or may
enter into written agreements with the Secretary of Defense, as
Executive Agent or with the office of the Director of Intelligence/
Director of Central Intelligence Agency to inspect and monitor these
programs in whole or in part on behalf of the Secretary of Homeland
Security. The specific requirements necessary to protect classified
information released to private industry are found in 32 CFR part 117,
``National Industrial Security Program (NISPOM),'' (Part 117) dated
December 21, 2020 or equivalent; DoD Industrial Security Regulation,
DoD 5220. 22-R, as amend by DoD 5220.22- NISP Volume 3, ``National
Industrial Security Program: Procedures for
[[Page 29314]]
Government Activities Relating to Foreign Ownership, Control or
Influence (FOCI), dated April 17, 2014. The SF 328 incorporates its
usage for the NISP portion of the Classified Critical Infrastructure
Protection Program as stipulated under E.O. 12829, as amended by
Executive Order 13691. Revisions to the SF 328 will also incorporate
its usage under the DoD's Innovation initiative through the DoD
Enhanced Security Program (DESP), pursuant to section 951 of Public Law
114-328 (10 U.S.C. 1564 note). The DESP is a DoD only initiative and is
not part of the NISP. Companies participating under the DESP do not
require a DoD contract but are required to enter into a Memorandum of
Agreement. Completion of the SF 328 and submission of supporting
documentation (e.g., company or entity charter documents, board meeting
minutes, stock or securities information, descriptions of
organizational structures, contracts, sales, leases and/or loan
agreements and revenue documents, annual reports and income statements,
etc.) is part of the eligibility determination for access to classified
information and/or issuance of an Entity Eligibility Determination
(also known as a Facility Security Clearance).
The National Defense Authorization Act for Fiscal Year 2020, Public
Law 116-92, section 847, ``Mitigating Risks Related to Foreign
Ownership, Control, or Influence of Department of Defense Contractors
or Subcontractors'' (sec. 847), requires the Secretary for Defense to
improve the process and procedures for the assessment and mitigation of
risks related to FOCI of contractors and subcontractors doing business
with the DoD, in conjunction with the Departments efforts to develop
and implement an improved analytical framework for mitigating risk
relating to ownership structure, as required by 10 U.S.C. 2509 and
section 847 of Public Law 116-92. To fulfill the requirements of sec.
847, contractors and subcontractors must disclose to DCSA their
beneficial ownership and whether they are under FOCI, and to update
those disclosures when changes occur to information previously provided
consistent with the requirements of the NISPOM. In addition, sec. 847
provides for the creation of other measures as necessary to be
consistent with other relevant authorities, including the NISP.
The Small Business Innovation Research and Small Business
Technology Transfer (SBIR/STTR) Extension Act of 2022, Public Law 117-
183, section 4, ``Foreign Risk Management'' (DoD SBIR/STTR programs),
requires the head of each Federal agency required to establish a SBIR
or STTR program to implement a due diligence program to assess security
risks presented by small business concerns seeking Federal awards.
These security risks includes, among other things, foreign interested-
related risks. The DoD intends to utilize the SF 328 as the basis for
information collection for DoD SBIR/STTR program participants to
disclose their foreign interests, and to report any future changes, as
appropriate. For DoD SBIR/STTR, the DoD will use this form to collect
information to conduct a risk-based due diligence review and assess
security risks presented by small business concerns seeking a federally
funded award through the DoD SBIR/STTR programs. The submission will be
required to be submitted as part of the SBIR/STTR solicitation package,
and details concerning its submission will be included in the
solicitation published to perspective submitters.
The use of the SF 328 will also be required by the forthcoming
Cybersecurity Maturity Model Certification (CMMC) program, which is
currently in the Rulemaking process under 32 CFR part 170. The CMMC
program will require CMMC Level 2 Certification Assessments be
conducted by a CMMC Third Party Assessment Organization (C3PAO),
accredited by the DoD approved CMMC Accreditation Body (AB). To be
accredited, the CMMC AB and all C3PAOs must receive a favorable
adjudication and not be subject to a level of risk from Foreign
Ownership, Control, or Influence (FOCI) as determined by the CMMC
Program Management Office (PMO). DCSA will conduct the FOCI assessments
for the CMMC AB and C3PAOs after they are nominated by the CMMC PMO.
The multiple authorized uses of this form will create uniformity
among numerous authorities responsible for the vetting or review of
companies or entities for foreign interest-related risks. In addition,
it will establish more consistency among industry concerning their
basic information submission requirements regarding foreign interest
information.
The submission of the SF-328, and supporting documentation, may be
done electronically through a government approved system of record.
Affected Public: Business or other for profit; Not-for-profit
institutions.
Annual Burden Hours: 104,917.
Number of Respondents: 62,950.
Responses per Respondent: 1.
Annual Responses: 62,950.
Average Burden per Response: 100 minutes.
Frequency: On occasion.
Dated: April 16, 2024.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2024-08476 Filed 4-19-24; 8:45 am]
BILLING CODE 6001-FR-P