[Federal Register Volume 89, Number 177 (Thursday, September 12, 2024)]
[Notices]
[Pages 74277-74279]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-20650]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DoD-2024-OS-0035]


Submission for OMB Review; Comment Request

AGENCY: Office of the Under Secretary of Defense for Intelligence and 
Security (OUSD(I&S)), Department of Defense (DoD).

ACTION: 30-Day information collection notice.

-----------------------------------------------------------------------

SUMMARY: The DoD has submitted to the Office of Management and Budget 
(OMB) for clearance the following proposal for collection of 
information under the provisions of the Paperwork Reduction Act.

DATES: Consideration will be given to all comments received by October 
15, 2024.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to www.reginfo.gov/public/do/PRAMain. Find this particular 
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function.

FOR FURTHER INFORMATION CONTACT: Reginald Lucas, (571) 372-7574, 
[email protected].

SUPPLEMENTARY INFORMATION: 
    Title; Associated Form; and OMB Number: Certificate Pertaining to 
Foreign Interests; SF-328; OMB Control Number 0704-0579.
    Type of Request: Revision.
    Number of Respondents: 62,950.
    Responses per Respondent: 1.
    Annual Responses: 62,950.
    Average Burden per Response: 100 minutes.
    Annual Burden Hours: 104,917.
    Needs and Uses: Information collection via the Standard Form (SF) 
328, ``Certificate Pertaining to Foreign Interests,'' is necessary to 
support the execution of 32 CFR part 117, ``National Industrial 
Security Program (NISPOM),''

[[Page 74278]]

dated December 21, 2020, or equivalent. Executive Order (E.O.) 12829, 
as amended, ``National Industrial Security Program (NISP),'' section 
202 (a) stipulates that the Secretary of Defense serves as the 
Executive Agent for inspecting and monitoring the contractors, 
licensees, and grantees who require or will require access to, or who 
store or will store classified information; and for determining 
eligibility for access to classified information of contractors, 
licensees, and grantees and their respective employees. Section 202 (e) 
also authorizes the Executive Agent to issue, after consultation with 
affected agencies, standard forms that will promote the implementation 
of the NISP.
    E.O. 12829 was amended by E.O. 13691, adding the Secretary of 
Homeland Security as the fifth Cognizant Security Agency. Section 202 
(d) of E.O. 12829 stipulates that the Secretary of Homeland Security 
may determine the eligibility for access to Classified National 
Security Information of contractors, licensees and grantees and their 
respective employees under a designated critical infrastructure 
protection program, including parties to agreements with such programs. 
The Secretary of Homeland Security also may inspect and monitor the 
contractors, grantees or licensees and facilities or may enter into 
written agreements with the Secretary of Defense, as Executive Agent or 
with the office of the Director of Intelligence/Director of Central 
Intelligence Agency to inspect and monitor these programs in whole or 
in part on behalf of the Secretary of Homeland Security. The specific 
requirements necessary to protect classified information released to 
private industry are found in NISPOM; found in DoDI 5220.31 ``National 
Industrial Security Program (NISP),'' which incorporates and cancels 
DoD Instruction 5220.22, ``National Industrial Security Program,'' 
March 18, 2011, as amended. The SF 328 incorporates its usage for the 
NISP portion of the Classified Critical Infrastructure Protection 
Program as stipulated under E.O. 12829, as amended by E.O. 13691. 
Revisions to the SF 328 will also incorporate its usage under the DoD's 
Innovation initiative through the DoD Enhanced Security Program (DESP), 
pursuant to section 951 of Public Law 114-328 (10 U.S.C. 1564 note). 
The DESP is a DoD only initiative and is not part of the NISP. 
Companies participating under the DESP do not require a DoD contract 
but are required to enter into a Memorandum of Agreement. Completion of 
the SF 328 and submission of supporting documentation (e.g., company or 
entity charter documents, board meeting minutes, stock or securities 
information, descriptions of organizational structures, contracts, 
sales, leases and/or loan agreements and revenue documents, annual 
reports and income statements, etc.) is part of the eligibility 
determination for access to classified information and/or issuance of 
an Entity Eligibility Determination (also known as a Facility Security 
Clearance).
    Section 847 of the National Defense Authorization Act for Fiscal 
Year 2020 (Pub. L. 116-92), ``Mitigating Risks Related to Foreign 
Ownership, Control, or Influence of Department of Defense Contractors 
or Subcontractors,'' requires the Secretary for Defense to improve the 
process and procedures for the assessment and mitigation of risks 
related to FOCI of contractors and subcontractors doing business with 
the DoD, in conjunction with the Departments efforts to develop and 
implement an improved analytical framework for mitigating risk relating 
to ownership structure, as required by 10 U.S.C. 2509 and section 847 
of Public Law 116-92. To fulfill the requirements of sec. 847, 
contractors and subcontractors must disclose to DCSA their beneficial 
ownership and whether they are under FOCI, and to update those 
disclosures when changes occur to information previously provided 
consistent with the requirements of the NISPOM. In addition, sec. 847 
provides for the creation of other measures as necessary to be 
consistent with other relevant authorities, including the NISP.
    The Small Business Innovation Research and Small Business 
Technology Transfer (SBIR/STTR) Extension Act of 2022, Public Law 117-
183, section 4, ``Foreign Risk Management'' (DoD SBIR/STTR programs), 
requires the head of each Federal agency required to establish a SBIR 
or STTR program to implement a due diligence program to assess security 
risks presented by small business concerns seeking federal awards. 
These security risks includes, among other things, foreign interested-
related risks. The DoD intends to utilize the SF 328 as the basis for 
information collection for DoD SBIR/STTR program participants to 
disclose their foreign interests, and to report any future changes, as 
appropriate. For DoD SBIR/STTR, the DoD will use this form to collect 
information to conduct a risk-based due diligence review and assess 
security risks presented by small business concerns seeking a federally 
funded award through the DoD SBIR/STTR programs. The submission will be 
required to be submitted as part of the SBIR/STTR solicitation package, 
and details concerning its submission will be included in the 
solicitation published to perspective submitters.
    The use of the SF 328 will also be required by the forthcoming 
Cybersecurity Maturity Model Certification (CMMC) program, which is 
currently in the Rulemaking process under 32 CFR part 170. The CMMC 
program will require CMMC Level 2 Certification Assessments be 
conducted by a CMMC Third Party Assessment Organization (C3PAO), 
accredited by the DoD approved CMMC Accreditation Body (AB). To be 
accredited, the CMMC AB and all C3PAOs must receive a favorable 
adjudication and not be subject to a level of risk from Foreign 
Ownership, Control, or Influence (FOCI) as determined by the CMMC 
Program Management Office (PMO). DCSA will conduct the FOCI assessments 
for the CMMC AB and C3PAOs after they are nominated by the CMMC PMO.
    The multiple authorized uses of this form will create uniformity 
among numerous authorities responsible for the vetting or review of 
companies or entities for foreign interest-related risks. In addition, 
it will establish more consistency among industry concerning their 
basic information submission requirements regarding foreign interest 
information.
    The submission of the SF-328, and supporting documentation, may be 
done electronically through a government approved system of record.
    Affected Public: Business or other for profit; Not-for-profit 
institutions.
    Frequency: On occasion.
    Respondent's Obligation: Voluntary.
    OMB Desk Officer: Ms. Jasmeet Seehra.
    You may also submit comments and recommendations, identified by 
Docket ID number and title, by the following method:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
    Instructions: All submissions received must include the agency 
name, Docket ID number, and title for this Federal Register document. 
The general policy for comments and other submissions from members of 
the public is to make these submissions available for public viewing on 
the internet at http://www.regulations.gov as they are received without 
change, including any personal identifiers or contact information.
    DoD Clearance Officer: Mr. Reginald Lucas.

[[Page 74279]]

    Requests for copies of the information collection proposal should 
be sent to Mr. Lucas at [email protected].

    Dated: September 4, 2024.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2024-20650 Filed 9-11-24; 8:45 am]
BILLING CODE 6001-FR-P