[Federal Register Volume 89, Number 174 (Monday, September 9, 2024)]
[Notices]
[Pages 73110-73113]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-20270]



[[Page 73110]]

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket Number DHS 2024-0031]


Agency Information Collection Activities: Post-Contract Award 
Information; OMB Control No. 1600-0003

AGENCY: Department of Homeland Security (DHS).

ACTION: 60-Day notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security will submit the following 
Information Collection Request (ICR) to the Office of Management and 
Budget (OMB) for review and clearance in accordance with the Paperwork 
Reduction Act of 1995.

DATES: Comments are encouraged and will be accepted until November 8, 
2024. This process is conducted in accordance with 5 CFR 1320.1

ADDRESSES: You may submit comments, identified by docket number Docket 
# DHS-2024-0031, at:
    [cir] Federal eRulemaking Portal: http://www.regulations.gov. 
Please follow the instructions for submitting comments.
    Instructions: All submissions received must include the agency name 
and docket number Docket # DHS-2024-0031. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS) 
collects information, when necessary, in administering public contracts 
for supplies and services. The information is used to determine 
compliance with contract terms placed in the contract as authorized by 
the Federal Property and Administrative Services Act (41 U.S.C. 251 et 
seq.), the Federal Acquisition Regulation (FAR) (48 CFR chapter 1), and 
the Homeland Security Acquisition Regulation (HSAR) (48 CFR chapter 
30).
    Respondents submit information based on the terms of the contract; 
the instructions in the contract deliverables mandatory reporting 
requirements; and correspondence from acquisition personnel requesting 
post-award contract information. The least active contracts and the 
simplest contracts will have little to no data to report. The most 
active and complex contracts, however, will contain more reporting 
requirements. DHS believes that some of this information is already 
readily available as part of a company's business processes and that 
the largest businesses use computers to compile the data. However, a 
significant amount of time is spent correlating information to specific 
contract actions and gathering information for more complex contract 
actions.
    The prior information collection request for Office of Management 
and Budget (OMB) Control No. 1600-0003 was approved through May 31, 
2025, by OMB, and it includes the following:
    3052.204-70 Security requirements for unclassified information 
technology resources. (Required in all solicitations and contracts that 
require submission of an IT Security Plan.) This clause applies to all 
contractor systems connected to a DHS network and those contracts where 
the Contractor must have physical or electronic access to sensitive 
information contained in DHS unclassified systems. The contractor is 
asked to prepare, provide and maintain an IT Security Plan.
    3052.204-71 Contractor employee access. (Required when contractor 
employees require recurring access to Government facilities or access 
to sensitive info.) Contractors may be subject to background 
investigations and will have to provide information as required by the 
DHS Security Office. The information requested is in addition to the 
information requested through Standard Form (SF) 86.
    3052.205-70 Advertisements, Publicizing Awards, and Releases. 
(Required for all contracts exceeding Simplified Acquisition 
Threshold.) Contractors may have to provide copies of information 
related to advertisements and release statements to receive approval 
for publication.
    3052.209-72 Organizational Conflict of Interest, paragraphs (f) and 
(g) (Included in solicitations and contracts where a potential 
organizational conflict of interest exists and mitigation may be 
possible.) Contractors will have to provide information related to 
actual or potential conflicts of interest and a mitigation plan.
    3052.209-75 Prohibited Financial Interests for Lead System 
Integrators. (Required in solicitations and contracts for the 
acquisition of a major system when the acquisition strategy envisions 
the use of a lead system integrator or when the contractor will be the 
lead system integrator.) Contractors will have to provide information 
related to changes in financial interests.
    3052.209-76 Prohibition on Federal Protective Service Guard 
Services Contracts with Business Concerns Owned, Controlled, or 
Operated by an Individual Convicted of a Felony, paragraph (h). 
(Section 2 of the Federal Protective Service Guard Contracting Reform 
Act of 2008, Pub. L. 110-356, generally prohibits DHS from entering 
into a contract for guard services under the Federal Protective Service 
(FPS) guard services program with any business concern owned, 
controlled, or operated by an individual convicted of a serious 
felony.) The notification required by paragraph (h) applies to any 
contractual instrument that may result in the issuance of task orders. 
Contractors will have to provide information on any felony conviction 
of personnel who own, control or operate a business during the 
performance a contract.
    3052.215-70 Key personnel or facilities. (Required in solicitations 
and contracts when the selection for award is substantially based on 
the offeror's possession of special capabilities regarding personnel or 
facilities.) Contractors will have to provide notice of and 
documentation related to changes in key personnel for evaluation, 
including, resumes; description of the duties the replacement will 
assume; description of any change in duties and confirmation that such 
change will not negatively impact contract performance.
    3052.216-71 Determination of Award Fee. (Required in solicitations 
and contracts that include an award fee.) Contractor may submit a 
performance self-evaluation for each evaluation period.
    3052.217-91 Performance (USCG). (Required in sealed bid fixed-price 
solicitations and contracts for vessel repair, alteration, or 
conversion which are to be performed within the United States, its 
possessions, or Puerto Rico. Also required in negotiated solicitations 
and contracts to be performed outside the United States.) Contractor 
must request prior approval to conduct dock and sea trials.
    3052.217-92 Inspection and Manner of Doing Work (USCG). (Required 
in sealed bid fixed-price solicitations and contracts for vessel 
repair, alteration, or conversion which are to be performed within the 
United States, its possessions, or Puerto Rico. Also required in 
negotiated solicitations and contracts to be performed outside the 
United States.) Contractor must maintain complete records of all 
inspection work and shall make them available to the Government during 
performance of the contract and for 90 days after the completion of all 
work required.
    3052.217-95 Liability and Insurance (USCG). (Required in sealed bid 
fixed-price solicitations and contracts for

[[Page 73111]]

vessel repair, alteration, or conversion which are to be performed 
within the United States, its possessions, or Puerto Rico. Also 
required in negotiated solicitations and contracts to be performed 
outside the United States.) Contractor shall provide evidence of the 
insurance and give the Contracting Officer written notice after the 
occurrence of a loss or damage for which the Government has assumed the 
risk. If any loss or damage will result in a claim against the 
Government, the contractor shall provide notice.
    3052.219-70 Small Business subcontracting plan reporting. 
(Generally included in solicitations and contracts that offer 
subcontracting possibilities and are expected to exceed $700,000) 
Contractors must use Electronic Subcontracting Reporting System (eSRS) 
to submit subcontracting reporting data.
    3052.219-71 DHS Mentor-Prot[eacute]g[eacute] Program. (Included in 
solicitations where subcontracting plans are anticipated) The amount of 
credit given to a contractor mentor firm for prot[eacute]g[eacute] 
developmental assistance costs must be calculated on a dollar-for-
dollar basis and reported in the Summary Subcontract Report via the 
Electronic Subcontracting Reporting System (eSRS) at www.esrs.gov.
    3052.222-70 Strikes or Picketing Affecting Timely Completion of the 
Contract Work. (Generally included in solicitations and contracts) 
Contractor must take all reasonable and appropriate action to end a 
strike or picketing. Delay caused by a strike or by picketing which 
constitutes an unfair labor practice is not excusable unless the 
Contractor takes all reasonable and appropriate action to end such a 
strike or picketing, such as the filing of a charge with the National 
Labor Relations Board, the use of other available Government 
procedures, and the use of private boards or organizations for the 
settlement of disputes. The contractor may be required to submit 
information to the contracting officer.
    3052.222-71 Strikes or Picketing Affecting Access to a DHS 
Facility. (Generally included in solicitations and contracts) 
Contractor is responsible if strike or picketing is directed at the 
Contractor and impedes access by any person to a DHS facility. 
Contractor must take all reasonable and appropriate action to end a 
strike or picketing. The contractor may be required to submit 
information to the contracting officer.
    3052.223-70 Removal or disposal of hazardous substances--applicable 
licenses and permits. (Required in solicitations and contracts 
involving the removal or disposal of hazardous waste material) 
Contractors will have to provide evidence of licenses and permits to 
perform hazardous substance removal.
    3052.223-90 Accident and Fire Reporting (USCG). (Included in 
solicitations and contracts involving the removal of hazardous waste 
material) Contractor must report incidents involving fire or accidents 
at a worksite. Contractors may provide this information using a state, 
private insurance carrier, or Contractor accident report form.
    3052.228-91 Loss of or Damage to Leased Aircraft (USCG). (Included 
in any contract for the lease of an aircraft) In the event of loss of 
or damage to an aircraft, the Government shall be subrogated to all 
rights of recovery by the Contractor against third parties for such 
loss or damage and the Contractor must promptly assign such rights in 
writing to the Government.
    3052.228-93 Risk and Indemnities (USCG). (Included in any contract 
for the lease of an aircraft) Requires the contractor to provide the 
Government with evidence of insurance.
    3052.235.70 Dissemination of Information--Educational Institutions. 
(Included in contracts with educational institutions for research that 
are not sensitive or classified) Contractors must provide advanced 
electronic copies of articles to the Government covering the results of 
research it plans to publish.
    Form 700-26, Other Transaction Agreement (Required for the purposes 
of entering into other transaction agreements pursuant to 6 U.S.C. 391, 
6 U.S.C. 596(1), and 49 U.S.C. 106(l)(6)) The offeror submit an 
Employer Identification Number, as well as the business' name, address 
and title. Offerors must also identify the authorized business 
representative's personal name and must include a signature.
    Form 700-23, Other Transaction Agreement Modification (Required for 
the purposes of modifying other transaction agreements entered into 
pursuant to 6 U.S.C. 391, 6 U.S.C. 596(1), and 49 U.S.C. 106(l)(6)) The 
respondent must submit an Employer Identification Number, as well as 
the business' name, address and title. Respondents must also identify 
the authorized business representative's personal name and must include 
a signature.
    DHS is seeking to renew this collection, and revise it to:
    (1) Remove HSAR Clause 3052.204-70, Security requirements for 
unclassified information technology resources, from this OMB Control 
Number. The clause was made obsolete by final rule, Homeland Security 
Acquisition Regulation; Safeguarding of Controlled Unclassified 
Information, issued on June 21, 2023.
    (2) Add the provisions and contract clauses under previously 
approved OMB Control Number 1601-0023, Safeguarding of Controlled 
Unclassified Information and Notification and Credit Monitoring 
Requirements for Personally Identifiable Information Incidents, to this 
OMB Control Number, in order to consolidate the collections. The 
clauses that will be transferred to this OMB Control Number are as 
follows:
    3052.204-72 Safeguarding of Controlled Unclassified Information. 
(Included in solicitations and contracts where contractor and/or 
subcontractor employees will have access to controlled unclassified 
information (CUI) or CUI will be collected or maintained on behalf of 
the agency. The basic clause with its alternate is included in 
solicitations and contracts when Federal information systems, which 
include contractor information systems operated on behalf of the 
agency, are used to collect, process, store, or transmit CUI.) Under 
the basic clause, contractors and subcontractors are required to:
    Provide adequate security to protect CUI from unauthorized access 
and disclosure;
    Report all known or suspected incidents to the Component Security 
Operations Center (SOC), or the DHS Enterprise SOC if the Component SOC 
is not available, in accordance with 4300A Sensitive Systems Handbook 
Attachment F Incident Response (i.e., incidents involving personally 
identifiable information (PII) or sensitive PII (SPII) must be reported 
within 1 hour of discovery; all other incidents shall be reported 
within 8 hours of discovery).
    Provide full access and cooperation for all activities determined 
by the Government to be required to ensure an effective incident 
response, including providing all requested images, log files, and 
event information to facilitate rapid resolution of incidents;
    Certify and confirm the sanitization of Government and Government-
Activity related files and information, and submit the certification to 
the Contracting Officer's Representative (COR) and Contracting Officer 
in accordance with the template provided in NIST Special Publication 
800-88, Guidelines for Media Sanitization, Appendix G; and
    Insert this clause in all subcontracts and require subcontractors 
to include this clause in all lower tier subcontracts when 
subcontractor employees will

[[Page 73112]]

have access to CUI; CUI will be collected or maintained on behalf of 
the agency by a subcontractor; or a subcontractor information system(s) 
will be used to process, store, or transmit CUI.
    Under the alternate, contractors and subcontractors are prohibited 
from collecting, processing, storing, or transmitting CUI within a 
Federal information system until an Authority to Operate (ATO) has been 
accepted and signed by the Component or Headquarters CIO, or designee.
    Additionally, contractors and subcontractors are required to:
    Complete and submit security authorization (SA) documentation in 
accordance with DHS Policy Directive 4300A Information Technology 
System Security Program, Sensitive Systems (Version 13.3, February 13, 
2023), or any successor publication; and the Security Authorization 
Process Guide, including templates;
    Have an independent third party validate the security and privacy 
controls in place for the information system;
    Renew the ATO every three (3) years unless otherwise specified in 
the ATO letter;
    Support random, periodic reviews by the Department to ensure that 
the security requirements contained in the contract are being 
implemented and enforced; and
    Comply with Federal reporting and information system continuous 
monitoring requirements as defined in the Fiscal Year (FY) 2021 DHS 
Information Security Performance Plan, or successor publication.
    3052.204-73 Notification and Credit Monitoring Requirements for 
Personally Identifiable Information Incidents. (Included in 
solicitations and contracts where contractor and/or subcontractor 
employees have access to personally identifiable information (PII)) 
Contractors must have in place procedures and the capability to notify 
any individual whose PII and/or sensitive PII (SPII) was under the 
control of the contractor or resided in the contractor information 
system at the time of the incident not later than 5 business days after 
being directed to notify individuals, unless otherwise approved by the 
Contracting Officer. Additionally, contractors are required to provide 
credit monitoring services to individuals whose PII or SPII was under 
the control of the contractor or resided in the information system at 
the time of the incident for a period beginning the date of the 
incident and extending not less than 18 months from the date the 
individual is notified.
    The information requested is used by the Government's contracting 
officers and other acquisition personnel, including technical and legal 
staff, for various reasons such as (1) determining the suitability of 
contractor personnel accessing DHS facilities; (2) to ensure no 
organizational conflicts of interest exist during the performance of 
contracts; (3) to ensure the contractor maintains applicable licenses 
and permits for the removal and disposal of hazardous materials; (4) to 
implement adequate security measures to safeguard CUI and to facilitate 
improved incident reporting to DHS; (5) to provide DHS with an 
understanding of the contractor's plan to recruit, train, and develop a 
diverse, high-performing workforce from underserved communities; and 
(6) to otherwise ensure firms are performing in the Government's best 
interest. Failure to collect this information would adversely affect 
the quality of products and services DHS receives from contractors.
    Many sources of the requested information use automated word 
processing systems, databases, spreadsheets, project management and 
other commercial software to facilitate preparation of material to be 
submitted. With Government-wide implementation of e-Government 
initiatives, it is commonplace within many of DHS's Components for 
submissions to be electronic.
    As the information collection is governed by FAR, HSAR and certain 
procurement statutes, usability testing is limited to ensuring the use 
of plain language, no duplicate/superfluous collection and electronic 
submission. DHS found the following:
    Plain language is used in the applicable clauses and the forms. DHS 
encourages DHS Components to require only the minimum post-award 
contract information essential to proper protection of the Government's 
interests and compliance with regulation, e.g., contractor performance 
evaluation. The information collected from the public under this 
request complements but does not duplicate vendor information available 
to the Government-wide acquisition community through Integrated Award 
Environment (IAE) systems, including the System for Award Management 
(SAM). The SAM is the official U.S. Government system that consolidated 
the capabilities of the Central Contractor Registration (CCR), the 
Online Representations and Certifications Application (ORCA), the 
Excluded Parties List System (EPLS) and the Past Performance 
Information Retrieval System (PPIRS). To ensure the information 
collected under this collection isn't duplicative, DHS Office of the 
Chief Procurement Officer: (1) monitors the acquisition processes and 
procedures of the various DHS Components; (2) reviews proposed and 
published changes to the FAR; and (3) provides one location for the 
final review and approval of all proposed acquisition regulations for 
DHS. Respondents may submit requested information electronically, 
through email or facsimile to the specified Government point of 
contact. Contractors will utilize their own computers to provide the 
required information to the Government point of contact.
    Information collection may or may not involve small business 
contractors, depending on the particular transaction. The burden 
applied to small businesses is the minimum consistent with the 
objective of ensuring contract compliance and protecting the interest 
of the Government.
    Less frequent incidence of collecting such information as resumes 
indicating the level of contractor expertise, permits and licenses, and 
inspection reports will negatively affect the quality of products and 
services DHS receives from contractors. Potentially, contractors could 
perform on contracts without sufficient experience and expertise and 
could perform contracts with outdated licenses and negative inspection 
reports, placing the Department's operations in jeopardy. Additionally, 
less frequent collection of information related to organizational 
conflicts of interest inhibit DHS from determining the existence of 
true conflicts of interest during the performance of contracts.
    Failure to collect this information would adversely affect the 
quality of products and services DHS receives from contractors. For 
example, potentially, contractors who are lead system integrators could 
acquire direct financial interests in major systems the contractors are 
contracted to procure, which would compromise the integrity of 
acquisitions for the Department. In addition, contractors who own, 
control or operate a business providing protective guard services could 
possess felony convictions during the performance of contracts, putting 
the Department at risk. Furthermore, contractors could change key 
personnel during the performance of contracts and use less experienced 
or less qualified personnel to reduce costs, which would adversely 
affect DHS's fulfillment of its mission requirements. Additionally, 
having an HSAR clause to address the safeguarding of CUI will greatly 
reduce the proliferation of Department, Component, or buying office-
level

[[Page 73113]]

requirements that offerors now respond to in a variety of different and 
non-standard ways. Failure to collect this information may result in 
the compromise of CUI hampering the Department's ability to carry out 
its mission.
    Executive Order 13985, titled ``Advancing Racial Equity and Support 
for Underserved Communities Through the Federal Government'' requires 
federal agencies to assess equity throughout their organizations, 
including equity through procurements. As part of its assessment and 
action planning, DHS identified that equity in procurements could be 
enhanced by ensuring that DHS's contractors have in place DEIA Plans 
which demonstrates the contractor's commitment to fairness regarding 
DEIA. Failure to collect a DEIA Plan would prohibit DHS from 
understanding the contractor's plan to recruit, train, and develop a 
diverse, high-performing workforce from underserved communities. 
Disclosure/non-disclosure of information is handled in accordance with 
the Freedom of Information Act, other disclosure statutes, and Federal 
and agency acquisition regulations.
    The burden estimates provided in response to Item 12 above are 
based upon definitive contract award data reported by DHS and its 
Components, as well as DHS FPDS data for FY 2022. No program changes 
occurred; however, the burden was adjusted to reflect an increase in 
the number of respondents within DHS for FY 2022 in the amount of 
11,075, as well as an increase in the average hourly wage rate. The 
burden hours also decreased by a total of 14 hours with the removal of 
HSAR Clause 3052.204-70, ``Security requirements for unclassified 
information technology resources'', that was made obsolete by the DHS 
rulemaking, ``Homeland Security Acquisition Regulation; Safeguarding of 
Controlled Unclassified Information, issued on June 21, 2023''.
    Finally, the burden has increased as a result of consolidating OMB 
Control Number 1601-0023 under this OMB Control Number, 1600-0003. The 
average burden per response for the clauses increased by 7.8 hours, 
from 6.2 hours to 14 hours; thereby increasing the total annual burden 
hours by 970,549 hours.
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    Agency: Department of Homeland Security (DHS).
    Title: Post-Contract Award Information.
    OMB Number: 1600-0003.
    Frequency: Annually.
    Affected Public: Contractor.
    Number of Respondents: 26,726.
    Estimated Time per Respondent: 77,196.
    Total Burden Hours: 1,061,361.

Robert Dorr,
Executive Director, Business Management Directorate.
[FR Doc. 2024-20270 Filed 9-6-24; 8:45 am]
BILLING CODE 9112-FL-P