Tomorrow’s Federal Register will contain a notice from GSA (attached below) requesting comments on a proposed collection of information as required by the Paperwork Reduction Act (PRA). Under the PRA, no agency may request that ten or more persons provide information to the government unless they receive permission for the information collection from the Office of Management and Budget (OMB). Prior to OMB review, the public is provided an opportunity to comment on the proposed information collection. Issues on which comment is requested include the necessity of the information collection and estimates of the collection’s burden on the private sector.
In response to an OIG audit recommendation, GSA developed a rule that will require that
contractors, within 30 days after contract award to submit an IT Security Plan to the Contracting Officer and Contacting Officer’s Representative that describes the processes and procedures that will be followed to ensure appropriate security of IT resources that are developed, processes, or used under the contract. The rule will also require that contractors submit written proof of IT security authorization six months after contract award, and verify that the IT Security Plan remains valid annually.
As explained above, under the PRA, GSA is not able to require submisson of the IT Security Plan prior to public comment and OMB review and approval. Comments on the proposed information collection are due to GSA in sixty days. Please see the Federal Register notice below for more information.
Leave a Reply