NASA proposed Rule: Personal Identity Verification of Contractors

[Federal Register: August 6, 2008 (Volume 73, Number 152)] [Proposed Rules] [Page 45679-45680] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr06au08-25]

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Parts 1804 and 1852

RIN 2700-AD38

Personal Identity Verification of Contractors

AGENCY: National Aeronautics and Space Administration.

ACTION: Proposed rule.

SUMMARY: NASA proposes to revise the NASA FAR Supplement (NFS) to update procedures for compliance with Federal Acquisition Regulation (FAR) Subpart 4.13, Personal Identity Verification of Contractor Personnel. FAR 4.13 requires that agencies include their implementing guidance of FIPS 201 and OMB guidance M-05-24 in solicitations and contracts that require the contractor to have routine physical access to Federally-controlled facilities and/or access to Federally- controlled information systems. NASA further proposes to designate The Assistant Administrator, Office of Security and Program Protection as the official with overall responsibility for verifying contractor employee personal identity.

DATES: Comments should be submitted on or before October 6, 2008 to be considered in formulation of the final rule.

ADDRESSES: Interested parties may submit comments, identified by RIN number 2700-AD38, via the Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. Comments may also be submitted to Leigh Pomponio, NASA Headquarters, Office of Procurement, Contract Management Division, Washington, DC 20546. Comments may also be submitted by e-mail to Leigh.Pomponio- 1@nasa.gov.

FOR FURTHER INFORMATION CONTACT: Leigh Pomponio, NASA, Office of Procurement, Contract Management Division (Room 5K75); (202) 358-4773; e-mail: Leigh.Pomponio-1@nasa.gov.

SUPPLEMENTARY INFORMATION:

A. Background

Federal Acquisition Circular (FAC 2005-14) implemented a final rule amending the FAR by addressing the contractor personal identification requirements in Homeland Security Presidential Directive (HSPD-12), “Policy for a Common Identification Standard for Federal Employees and Contractors,” and Federal Information Processing Standards Publication (FIPS PUB) Number 201, “Personal Identity Verification (PIV) of Federal Employees and Contractors.” Section 304(A) of the National Aeronautics and Space Act of 1958, 42 U.S.C., Section 2455, provides that the NASA Administrator shall establish such security requirements, restrictions, and safeguards as he deems necessary, and he may arrange for such personnel investigations of contractor and subcontractor employees as he deems appropriate. NASA’s implementing guidance, to be used in conjunction with FAR clause 52.204-9, Personal Identity Verification of Contractor Personnel, is set forth in NASA Interim Directive (NID) Personal Identity Verification (PIV) Policy and Procedures, dated May 24, 2007, to NASA Policy Regulation (NPR)-1600.1, NASA Security Program Procedural Requirements w/Change 1. The purpose of this proposed rule is to establish a new NFS Subpart 1804.13 to address NASA PIV requirements.

This is not a significant regulatory action and, therefore, is not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This proposed rule is not a major rule under 5 U.S.C. 804.

B. Regulatory Flexibility Act

NASA certifies that this proposed rule will not have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601 et seq., because it merely implements the FAR Common Identification Standard for Contractors and does not impose an economic impact beyond that addressed in the FAC 2005-14 publication of the FAR final rule.

C. Paperwork Reduction Act

The Paperwork Reduction Act (Pub. L. 104-13) is not applicable because the NFS changes do not impose information collection requirements that require the approval of the Office of Management and Budget under 44 U.S.C. 3501, et seq.

List of Subjects in 48 CFR Parts 1804 and 1852

Government procurement.

William P. McNally, Assistant Administrator for Procurement.

Accordingly, 48 CFR parts 1804 and 1852 are proposed to be amended as follows:

1. The authority citation for 48 CFR parts 1804 and 1852 continues to read as follows:

Authority: 42 U.S.C. 2455(a), 2473(c)(1).

PART 1804–ADMINISTRATIVE MATTERS

2. Subpart 1804.13 is added to read as follows:

Subpart 1804.13–Personal Identity Verification of Contractor Personnel

Sec.

1804.1303 Contract clause.

1804.1303-70 NASA contract clause.

The contracting officer shall insert the clause at 1852.204-77, NASA Procedures for Personal Identity Verification of Contractor Personnel, in solicitations and contracts when the Center Chief of Security has determined that a contractor will require routine access to Federally-controlled facilities or access to Federally-controlled information systems. The Center Chief shall make such a determination, on a case-by-case basis, as part of acquisition planning. Section 1807.104(a) requires the contracting officer to coordinate new requirements with the security office and cites NASA NPR 1600.1, NASA Security Program Procedural Requirements, as the procedural document for identifying and processing contractor employees requiring personal identity verification. Clause 1852.204-77 will be used in conjunction with the clause at FAR 52.204-9 Personal Identity Verification of Contractor Personnel.

PART 1852–SOLICITATION PROVISIONS AND CONTRACT CLAUSES

3. Section 1852.204-77 is added to read as follows:

1852.204-77 NASA Procedures for Personal Identity Verification of Contractor Personnel.

As prescribed in 1804.1303-70, insert the following clause: NASA PROCEDURES FOR PERSONAL IDENTITY VERIFICATION OF CONTRACTOR PERSONNEL (XX/XX)

(a) Performance of this contract requires physical access to Federally-controlled facilities and/or access to Federally- controlled information systems, as determined by NASA. In accordance with FAR 52.204-9, Personal Identity Verification of Contractor Personnel, the Contractor shall comply with NASA Policy Regulation 1600.1, NASA Security Program Procedural Requirements, including all associated changes and interim directives (referred to hereafter as “the NPR”). Electronic copies are available at http:// nodis.hq.nasa.gov or from the Contracting Officer. NPR 1600.1 implements Homeland Security Presidential Directive 12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, as amended, and Federal Information Processing Standards Publication (FIPS PUB) Number 201, as amended.

(b) The Contractor must apply for NASA badges for all employees and subcontractor employees at any tier requiring physical access to NASA facilities and/or access to Federally-controlled information systems, following the procedures set forth in the NPR. The Contractor is responsible for collecting and submitting all requests for subcontractor badges, regardless of subcontract tier. If approved by the Center Chief of Security, badges will be issued for no longer than the contract period of performance inclusive of options, but not to exceed 5 years. Badge renewal will be required for additional periods. All personnel issued badges must conspicuously display the badge above the waistline on the outermost garment, and must comply with all requirements applicable to badges in effect at the Center.

(c) NASA will make suitability/access determinations and the Center Chief of Security or the PIV Authorizer, in accordance with NPR 1600.1, Section 6.2, will approve the issuance of badges based upon a background investigation. Criteria for access will be per 5 CFR part 731. At a minimum, a National Agency Check with Written Inquiries (NACI) will be required. The NPR also specifies higher level reinvestigation requirements which may be applicable, for example due to position risk level changes or time since last investigation.

(d) Other employees who may require access on a non-routine or infrequent basis are to be identified by the Contractor for approval and registered on an access list under the control of the Center security office, as set forth in Center procedures.

(e) Prior to the initiation of contract performance, the Contractor must designate a person responsible for determining that an employee (or an employee of a subcontractor at any tier) requires physical access to NASA-controlled facilities and/or access to federally-controlled information systems in order to perform work under the contract. This designated person acts as the Contractor’s “Requestor.” The Contractor’s Requestor will also be responsible for providing updated information as changes occur during the period of contract performance (e.g., additions, deletions, and position risk changes), and for managing all subcontractor requests. The Contractor’s Requestor shall provide a list of names, along with their position titles and position description summaries to the following Center point of contact to initiate the personal identity verification credential process. This information shall be submitted in sufficient time to allow badge issuance before the employee requires access to the NASA-controlled facility or access to the federally-controlled information system. Additional information will be required subsequent to the initial list, as directed by the Center Chief of Security.

(Insert Center point of contact)

(f) The Contractor shall include the terms of this clause (except for paragraph (e)), suitably modified to identify the parties, in all subcontracts when the subcontractor is required to have routine physical access to Federally-controlled facilities and/ or access to federally-controlled information systems. The clause shall not be used when contractors require only intermittent access to federally-controlled facilities. (End of clause) [FR Doc. E8-17951 Filed 8-5-08; 8:45 am]

BILLING CODE 7510-01-P