Proposed Rules Federal Register
Vol. 70, No. 51
Thursday, March 17, 2005
This section of the FEDERAL REGISTER (IM–30), 1000 Independence Avenue, maintenance of nuclear weapons. DOE
contains notices to the public of the proposed SW., Washington, DC 20585, (202) 586– is obligated to protect, according to the
issuance of rules and regulations. The 0940, or Samuel M. Bradley, U.S. requirements of various laws,
purpose of these notices is to give interested Department of Energy, Office of General regulations, and directives, information
persons an opportunity to participate in the Counsel (GC–53), 1000 Independence which it creates, collects, and
rule making prior to the adoption of the final
Avenue, SW., Washington, DC 20585, maintains. Much of this information is
(202) 586–6738. sensitive but unclassified.
SUPPLEMENTARY INFORMATION: In recent years, in order to protect its
DEPARTMENT OF ENERGY information, DOE has developed and
II. Description of the Proposed Rule elaborated policies that limit
National Nuclear Security III. Regulatory Review unauthorized access to DOE computer
Administration systems, particularly those used for
I. Background work with classified information, and
10 CFR Part 727 Pursuant to the DOE Organization Act assure that no employee misuses the
(42 U.S.C. 7101, et seq.) and the Atomic computers assigned for the performance
48 CFR Parts 904 and 952 Energy Act of 1954 (AEA) (42 U.S.C. of work-related assignments. DOE has
[Docket No. NNSA–RM–00–3235] 2011, et seq.), DOE carries out a variety issued these policies in the form of
of programs, including defense nuclear internal directives in the DOE Directives
RIN 1992–AA27 programs. DOE performs its defense System. These directives apply to DOE
nuclear program activities in the employees and to DOE contractors to
Computer Security; Access to Washington, DC, area, and at locations the extent their contracts require
Information on Department of Energy that DOE owns around the United compliance. Directives that apply to
Computers and Computer Systems States, including national laboratories DOE contractors are listed in an
AGENCY:Department of Energy. and nuclear weapons production appendix to the contracts under the
facilities. Prime contractors operate the standard Laws, Regulations, and DOE
ACTION:Notice of proposed rulemaking
national laboratories and production Directives clause that is set forth at 48
and opportunity for public comment.
facilities. CFR 970.5204–2.
SUMMARY: The Department of Energy DOE, as the successor agency to the The directives issued by DOE relating
(DOE) is proposing regulations to codify Atomic Energy Commission, has broad to computer security include DOE
minimum requirements governing responsibilities under the AEA to Notice 205.3, Password Generation,
access to information on Department of protect sensitive and classified Protection, and Use, which establishes
Energy computers. information and materials involved in minimum requirements for the
DATES: DOE must receive comments on the design, production, and generation, protection, and use of
the proposed rulemaking by May 16, maintenance of nuclear weapons. (42 passwords to support authentication
2005. U.S.C. 2161–69, 2201) DOE also has a when accessing classified and
general obligation to ensure that unclassified DOE information systems
ADDRESSES: You may submit comments permitting an individual to have access where feasible; and DOE Order 471 .2A,
(8 copies), identified by Docket Number to information classified under the AEA Information Security Program, and DOE
NNSA–RM–00–3235 and/or RIN will not endanger the nation’s common Manual 471.2–2, Classified Information
Number 1992–AA27, by any of the defense and security (42 U.S.C. 2165b). Systems Security Manual, which require
following methods: In addition, various Executive Orders of that warning banners appear whenever
Federal eRulemaking Portal: http:// government-wide applicability require an individual logs on to a DOE
www.regulations.gov. Follow the DOE to take steps to protect classified computer. A DOE memorandum signed
instructions for submitting comments. information. Executive Order No. 12958, by the Chief Information Officer on June
E-Mail: email@example.com. Include Classified National Security Information 17, 1999, requires that the banner
Docket Number NNSA–RM–00–3235 (April 17, 1995), requires the Secretary inform users that activities on the
and/or RIN Number 1992–AA27 in the to establish controls to ensure that system are subject to interception,
subject line of the message. classified information is used only monitoring, recording, copying,
Mail: Office of Nuclear Safeguards under conditions that provide adequate auditing, inspection, and disclosure.
and Security Programs (NA–55), U.S. protection and prevent access by The banner notifies users that continued
Department of Energy, 1000 unauthorized persons. Executive Order use of the system indicates awareness of
Independence Avenue, SW., No. 12968, Access to Classified and consent to such monitoring and
Washington, DC 20585. Information (August 2, 1995), requires recording. Other directives relevant to
FOR FURTHER INFORMATION CONTACT: the Secretary to establish and maintain computer security include DOE 0 200.1,
William Hunteman, NNSA Cyber an effective program to ensure that Information Management Program; DOE
Security Program Manager, Office of employee access to classified P 205.1, Departmental Cyber Security
Chief Information Officer, (NA–65), information is clearly consistent with Management Program; DOE 0 205.1,
1000 Independence Avenue, SW., the interests of national security. Cyber Security Management Program;
Washington, DC 20585, (202) 586–4775; However, DOE’s obligation to protect DOE 0 470.1 Chg 1, Safeguards and
Bruce Brody, Associate Chief information is not limited to classified Security Program; DOE 0 471.1A,
Information Officer for Cyber Security, information and materials involved in Identification and Protection of
Office of the Chief Information Officer the design, production, and Unclassified Controlled Nuclear
VerDate jul<14>2003 14:48 Mar 16, 2005 Jkt 205001 PO 00000 Frm 00001 Fmt 4702 Sfmt 4702 E:\FR\FM\17MRP1.SGM 17MRP1
Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules 12975
Information; DOE 0 5639.8A, Security of individual who transfers information Section 727.6 What Are the
Foreign Intelligence Information and from or onto computers owned by DOE. Obligations of a DOE Contractor?
Sensitive Compartmented Information DOE also is proposing conforming This section would identify the
Facilities; and DOE 0 5670.3, amendments to its acquisition obligations, and related record keeping
Counterintelligence Program. These regulations that would apply to prime requirements, of a DOE contractor to
directives are available for inspection contractors consistent with the terms of ensure that neither its employees nor
and downloading at the DOE Web site, their contracts with DOE. the employees of any of its DOE
http://www.directives.doe.gov. The Secretary has approved this subcontractors has access to information
Sections 3235 and 3295(c) of the notice of proposed rulemaking for on a DOE computer unless the DOE
National Defense Authorization Act for publication. contractor has complied with the
Fiscal Year 2000 (NDAA) (50 U.S.C.
II. Description of the Proposed Rule requirements of section 727.5 of part
2425, 2483(c)) require DOE to
727 by obtaining a written
promulgate regulations establishing
This portion of the SUPPLEMENTARY acknowledgment and consent from each
certain requirements for access to
INFORMATION provides supporting employee. This section would also cross
information on National Nuclear
information to assist commenters in reference provisions of section 234B of
Security Administration (NNSA or
understanding the basis and purpose of the AEA which in some instances
Administration) computers. The key
the proposed regulations. would authorize civil penalties and
provision in section 3235 requires
NNSA employees and contractor reduction in award fees against
A. Proposed Part 727
employees with access to information contractors determined to be in
on NNSA computers to give written Section 727.1 What Is the Purpose and violation of part 727.
consent for access by an authorized Scope of This Part?
B. Proposed Acquisition Regulatory
investigative agency to any The stated purpose of part 727 would Amendments
Administration computer used in the be to codify minimum requirements The Department of Energy
performance of his or her duties during governing access to information on DOE Acquisition Regulation (DEAR) would
the term of that employment and for a computers. The part also would deal be amended at 48 CFR part 904 by
period of three years thereafter. Section with the privacy expectations of any adding a requirement for contracting
3235(c) defines the term ‘‘authorized person who uses a DOE computer by officers to insert a contract clause from
investigative agency’’ to mean an agency sending an e-mail message to it. part 952 addressing computer security.
authorized by law or regulation to
Section 727.2 What Are the Part 952 of the DEAR would be
conduct a counterintelligence
Definitions of the Terms Used in This amended to add a contract clause to be
investigation or investigations of
Part? inserted in all contracts where the
persons who are proposed for access to
contractor may have access to
classified information to ascertain The term ‘‘computer’’ is broadly computers owned, leased, or operated
whether such persons satisfy the criteria defined to include computer networks, on behalf of the DOE. This clause
for obtaining and retaining access to network devices and automated contains a flow down requirement for
such information. The written consent information systems. DOE considered
requirement in section 3235(a) is all subcontracts where there may be
adding a definition for the term access to DOE computers.
mandatory as it pertains to individuals ‘‘contractor.’’ DOE decided not to do so
with access to or use of NNSA III. Regulatory Review
because, in context (see proposed
computers or computer systems. An
section 727.6), it is clear that the term A. National Environmental Policy Act
individual who does not provide such
applies only to entities that have a DOE has determined that this
written consent will not be allowed
direct contractual relationship with proposed rule is covered under the
access to or use of NNSA computers or
DOE. DOE invites comment on this Categorical Exclusion found in the
Upon recommendation of the choice including any suggested Department’s National Environmental
Administrator of NNSA, the Secretary of definition. Policy Act regulations at paragraph A.6
Energy has determined that the Section 727.4 Is There Any of Appendix A to subpart D, 10 CFR
requirements of section 3235 should be Expectation of Privacy Applicable to a part 1021, which applies to rule
applied to the entire DOE complex. In DOE Computer? makings that are strictly procedural.
arriving at this determination, the Accordingly, neither an environmental
Secretary took into account that the This section makes clear that no user assessment nor an environmental
considerations underlying section 3235 of a DOE computer, including any impact statement is required.
with respect to information on NNSA person who sends an e-mail message to
computers also apply to other a DOE computer, would have any B. Regulatory Flexibility Act
information on computers throughout expectation of privacy in the use of that The Regulatory Flexibility Act (5
the DOE complex, the requirements of DOE computer. U.S.C. 601 et seq.) requires preparation
section 3235 are similar to DOE’s Section 727.5 What Acknowledgment of an initial regulatory flexibility
present computer access policies, and and Consent Is Required for Access to analysis for any rule that by law must
that DOE and DOE contractor computers Information on DOE Computers? be proposed for public comment, unless
occasionally contain NNSA information. the agency certifies that the rule, if
Consistent with section 3235 and This section would describe the promulgated, will not have a significant
general rulemaking authorities in the nature of the written consent required economic impact on a substantial
DOE Organization Act, DOE today is for access to information on a DOE number of small entities. As required by
proposing a new part 727 to codify computer. Every DOE and contractor Executive Order 13272, ‘‘Proper
computer access policies which would employee subject to the rule would be Consideration of Small Entities in
apply to all DOE employees, required to sign a written Agency Rulemaking,’’ 67 FR 53461
contractors, contractor employees and acknowledgment and consent form in (August 16, 2002), DOE published
subcontractor employees, and any other accordance with this section. procedures and policies on February 19,
VerDate jul<14>2003 14:48 Mar 16, 2005 Jkt 205001 PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 E:\FR\FM\17MRP1.SGM 17MRP1
12976 Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules
2003, to ensure that the potential Paperwork Reduction Project), U.S. $100 million or more in any one year.
impacts of its rules on small entities are Department of Energy, 1000 Accordingly, no assessment or analysis
properly considered during the Independence Ave., SW., Washington, is required under the Unfunded
rulemaking process (68 FR 7990). DOE DC 20585–1290. OMB is particularly Mandates Reform Act of 1995.
has made its procedures and policies interested in comments on: (1) The
E. Treasury and General Government
available on the Office of General necessity for the proposed collection of
Appropriations Act, 1999
Counsel’s Web site: http:// information, including whether the
www.gc.doe.gov. information will have practical utility; Section 654 of the Treasury and
DOE has reviewed today’s proposed (2) the accuracy of the Department’s General Government Appropriations
rule under the provisions of the burden estimates; (3) ways to enhance Act, 1999 (Pub. L. 105–277) requires
Regulatory Flexibility Act and the the quality, utility, and clarity of the Federal agencies to issue a Family
procedures and policies published on information to be collected; and (4) Policymaking Assessment for any
February 19, 2003. This proposed rule ways to minimize the burden of the proposed rule that may affect family
would not directly regulate small collection of information on well being. While this proposed rule
businesses or other small entities. The respondents, including the use of applies to individuals who may be
proposed rule would apply only to automated collection techniques or members of a family, the rule does not
individuals who use DOE computers. other forms of information technology. have any impact on the autonomy or
Under the rule, DOE and DOE Notwithstanding any other provision integrity of the family as an institution.
contractor employees, or applicants for of law, no person is required to respond Accordingly, DOE has concluded that it
such positions, would be required to to, nor shall any person be subject to a is not necessary to prepare a Family
execute a written acknowledgment and penalty for failure to comply with, a Policymaking Assessment.
consent provided by DOE. Although a collection of information subject to the
small number of individuals subject to requirements of the PRA, unless that F. Executive Order 12866
this rule may work for DOE collection of information displays a Section 6 of Executive Order 12866
subcontractors who are small entities, currently valid OMB Control Number. provides for a review by the Office of
the costs associated with compliance Information and Regulatory Affairs
D. Unfunded Mandates Reform Act of (OIRA) of a significant regulatory action,
with the rule’s requirements would be
1995 which is defined to include an action
negligible and in most cases
reimbursable under the contract. On the The Unfunded Mandates Reform Act that may have an effect on the economy
basis of the foregoing, DOE certifies that of 1995 (Pub. L. 104–4) generally of $100 million or more, or adversely
the proposed rule, if promulgated would requires Federal agencies to examine affect, in a material way, the economy,
not have a significant economic impact closely the impacts of regulatory actions competition, jobs, productivity, the
on a substantial number of small on State, local, and tribal governments. environment, public health or safety, or
entities. Accordingly, DOE has not Subsection 101(5) of title I of that law State, local, or tribal governments. DOE
prepared a regulatory flexibility analysis defines a Federal intergovernmental has concluded that this proposed rule is
for this rulemaking. DOE’s certification mandate to include any regulation that not a significant regulatory action.
and supporting statement of factual would impose upon State, local, or
tribal governments an enforceable duty, G. Executive Order 13132
basis will be provided to the Chief
Counsel for Advocacy of the Small except a condition of Federal assistance Executive Order 13132 (64 FR 43255,
Business Administration pursuant to 5 or a duty arising from participating in a August 4, 1999) imposes certain
U.S.C. 605(b). voluntary federal program. Title II of requirements on agencies formulating
that law requires each Federal agency to and implementing policies or
C. Paperwork Reduction Act assess the effects of Federal regulatory regulations that preempt State law or
This proposed rule contains a actions on State, local, and tribal that have federalism implications.
collection of information subject to governments, in the aggregate, or to the Agencies are required to examine the
review and approval by the Office of private sector, other than to the extent constitutional and statutory authority
Management and Budget (OMB) under such actions merely incorporate supporting any action that would limit
the Paperwork Reduction Act (PRA), 44 requirements specifically set forth in a the policymaking discretion of the
U.S.C. 3501 et seq. Proposed § 727.6(b) statute. Section 202 of that title requires States and carefully assess the necessity
would require DOE contractors to a Federal agency to perform a detailed for such actions. DOE has examined this
maintain a file of written assessment of the anticipated costs and proposed rule and has determined that
acknowledgments and consents benefits of any rule that includes a it would not preempt State law and
executed by its employees and Federal mandate which may result in would not have a substantial direct
subcontractor employees. This costs to State, local, or tribal effect on the States, on the relationship
collection of information has been governments, or to the private sector, of between the national government and
submitted to OMB for approval. DOE $100 million or more. Section 204 of the States, or on the distribution of
estimates the total annual recordkeeping that title requires each agency that power and responsibilities among the
burden from this collection of proposes a rule containing a significant various levels of government. No further
information to be 20,000 hours. Federal intergovernmental mandate to action is required by Executive Order
Send comments regarding this burden develop an effective process for 13132.
estimate, and any other aspect of this obtaining meaningful and timely input
collection of information, to OMB at the from elected officers of State, local, and H. Executive Order 12988
Office of Information and Regulatory tribal governments. With respect to the review of existing
Affairs, Washington, DC 20503 This proposed rule does not impose a regulations and the promulgation of
(Attention: DOE Desk Officer). The Federal mandate on State, local or tribal new regulations, section 3(a) of
Department asks interested persons to governments. This proposed rule will Executive Order 12988, Civil Justice
send a copy of their comments to the not result in the expenditure by State, Reform, 61 FR 4729 (February 7, 1996),
Office of the Chief Information Officer, local, and tribal governments in the imposes on Executive agencies the
Records Management Division, IM–11, aggregate, or by the private sector, of general duty to adhere to the following
VerDate jul<14>2003 14:48 Mar 16, 2005 Jkt 205001 PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 E:\FR\FM\17MRP1.SGM 17MRP1
Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules 12977
requirements: (1) Eliminate drafting List of Subjects automated information systems, or other
errors and ambiguity; (2) write related computer equipment owned by,
10 CFR Part 727
regulations to minimize litigation; and leased, or operated on behalf of the
(3) provide a clear legal standard for Classified information, Computers, DOE.
affected conduct rather than a general Contractor employees, Government DOE means the Department of Energy,
standard and promote simplification employees, National defense, Security including the National Nuclear Security
and burden reduction. With regard to information. Administration.
the review required by section 3(a), 48 CFR Chapter 9 DOE, or Department, computer means
section 3(b) of Executive Order 12988 any computer owned by, leased, or
Government procurement. operated on behalf of the DOE.
specifically requires that Executive
agencies make every reasonable effort to Issued in Washington, DC on January 31, Individual means an employee of DOE
ensure that the regulation: (1) Clearly 2005. or a DOE contractor, or any other person
specifies the preemptive effect, if any; Kyle McSlarrow, who has been granted access to a DOE
(2) clearly specifies any effect on Deputy Secretary. computer.
existing Federal law or regulation; (3) For the reasons stated in the User means any person, including any
provides a clear legal standard for preamble, DOE hereby proposes to individual or member of the public,
affected conduct while promoting amend chapter III of title 10 and chapter who sends information to or receives
simplification and burden reduction; (4) 9 of title 48 of the Code of Federal information from, or otherwise accesses
specifies the retroactive effect, if any; (5) Regulations as set forth below: a DOE computer.
adequately defines key terms; and (6) 1. 10 CFR Part 727 is added to read § 727.3 To whom does this part apply?
addresses other important issues as follows: This part applies to DOE employees,
affecting clarity and general DOE contractors, DOE contractor and
draftsmanship under any guidelines PART 727—CONSENT FOR ACCESS
TO INFORMATION ON DEPARTMENT subcontractor employees, and any other
issued by the Attorney General. Section individual who transfers information
3(c) of Executive Order 12988 requires OF ENERGY COMPUTERS
from or to a DOE computer.
Executive agencies to review regulations Sec.
in light of applicable standards in 727.1 What is the purpose and scope of this § 727.4 Is there any expectation of privacy
section 3(a) and section 3(b) to part? applicable to a DOE computer?
determine whether they are met or it is 727.2 What are the definitions of the terms Notwithstanding any other provision
unreasonable to meet one or more of used in this part? of law (including any provision of law
them. DOE has completed the required 727.3 To whom does this part apply? enacted by the Electronic
727.4 Is there any expectation of privacy Communications Privacy Act of 1986),
review and determined that, to the
applicable to a DOE computer?
extent permitted by law, the proposed no user of a DOE computer, including
727.5 What acknowledgment and consent is
rule meets the relevant standards of required for access to information on any person who sends an e-mail
Executive Order 12988. DOE computers? message to a DOE computer, shall have
727.6 What are the obligations of a DOE any expectation of privacy in the use of
I. Executive Order 13084 contractor? that DOE computer.
Under Executive Order 13084 Authority: 42 U.S.C. 7101, et seq.; 42 § 727.5 What acknowledgment and
(Consultation and Coordination with U.S.C. 2011, et seq.; 50 U.S.C. 2425, 2483; consent is required for access to
Indian Tribal Governments), DOE may E.O. 12958, 60 FR 19825, 3 CFR, 1995 Comp., information on DOE computers?
p. 333; E.O. 12968, 60 FR 40245, 3 CFR, 1995
not issue a discretionary rule that An individual may not have access to
Comp., p. 391.
significantly or uniquely affects Indian information on a DOE computer unless:
tribal governments and imposes § 727.1 What is the purpose and scope of (a) The individual has acknowledged
substantial direct compliance costs. this part? in writing that the individual has no
This proposed rule would not have such The purpose of this part is to establish expectation of privacy in the use of a
effects. Accordingly, Executive Order minimum requirements applicable to all DOE computer; and
13084 does not apply to this DOE employees, DOE contractors, DOE (b) The individual has consented in
rulemaking. contractor and subcontractor employees writing to permit access by an
for access to any DOE computer, authorized investigative agency to any
J. Treasury and General Government DOE computer used during the period
including a requirement for written
Appropriations Act, 2001 of that individual’s access to
consent to access by an authorized
The Treasury and General investigative agency to any DOE information on a DOE computer and for
Government Appropriations Act, 2001 computer used in the performance of a period of three years thereafter.
(44 U.S.C. 3516, note) provides for the employee’s duties during the term of
§ 727.6 What are the obligations of a DOE
agencies to review most disseminations that individual’s employment and for a contractor?
of information to the public under period of three years thereafter. This
part also applies to any person who uses (a) A DOE contractor must ensure that
guidelines established by each agency neither its employees nor the employees
pursuant to general guidelines issued by a DOE computer by sending an e-mail
message to such a computer. of any of its subcontractors has access
OMB. to information on a DOE computer
OMB’s guidelines were published at § 727.2 What are the definitions of the unless the DOE contractor has obtained
67 FR 8452 (February 22, 2002), and terms used in this part? a written acknowledgment and consent
DOE’s guidelines were published at 67 For purposes of this part: by each contractor or subcontractor
FR 62446 (October 7, 2002). DOE has Computer means desktop computers, employee that complies with the
reviewed today’s notice under the OMB portable computers, computer networks requirements of § 727.5 of this part.
and DOE guidelines and has concluded (including the DOE network and local (b) A DOE contractor must maintain a
that it is consistent with applicable area networks at or controlled by DOE file of original written acknowledgments
policies in those guidelines. organizations), network devices, and consents executed by its employees
VerDate jul<14>2003 14:48 Mar 16, 2005 Jkt 205001 PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 E:\FR\FM\17MRP1.SGM 17MRP1
12978 Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules
and all subcontractors employees that (2) The individual has consented in writing which could result in premature
comply with the requirements of § 727.5 to permit access by an authorized tripping of the power junction box main
of this part. investigative agency to any DOE computer feeder circuit breakers and could lead to
used during the period of that individual’s partial or complete loss of all electrical
(c) Upon demand by the cognizant
access to information on a DOE computer,
DOE contracting officer, a DOE and for a period of three years thereafter.
power on the airplane. This failure
contractor must provide an opportunity (c) No expectation of privacy. could lead to the loss of all navigation
for a DOE official to inspect the file Notwithstanding any other provision of law and communication equipment and
compiled under this section and to copy (including any provision of law enacted by lighting in the cockpit.
any portion of the file. the Electronic Communications Privacy Act DATES: We must receive any comments
(d) If a DOE contractor violates the of 1986), no individual using a DOE on this proposed AD by May 16, 2005.
requirements of this section with regard computer shall have any expectation of
ADDRESSES: Use one of the following to
to a DOE computer with Restricted Data privacy in the use of that computer.
(d) Written records. The contractor is submit comments on this proposed AD:
or other classified information, then the • DOT Docket Web site: Go to
responsible for maintaining written records
DOE contractor may be assessed a civil for itself and subcontractors demonstrating http://dms.dot.gov and follow the
penalty or a reduction in fee pursuant compliance with the provisions of paragraph instructions for sending your comments
to section 234B of the Atomic Energy (b) of this section. The contractor agrees to electronically.
Act of 1954 (42 U.S.C. 2282b). provide access to these records to the DOE, • Government-wide rulemaking Web
2. The authority citation for parts 904 or its authorized agents, upon request. site: Go to http://www.regulations.gov
and 952 continues to read as follows: (e) Subcontracts. The contractor shall and follow the instructions for sending
insert this clause, including this paragraph
Authority: 42 U.S.C.2201, 2282a, 2282b, your comments electronically.
(e), in subcontracts under this contract that
2282c, 7101 et seq.; 41 U.S.C. 418b; 50 U.S.C.
may provide access to computers owned,
• Mail: Docket Management Facility;
2401 et seq. U.S. Department of Transportation, 400
leased or operated on behalf of the DOE.
Seventh Street, SW., Nassif Building,
PART 904—ADMINISTRATIVE [FR Doc. 05–5183 Filed 3–16–05; 8:45 am] Room PL–401, Washington, DC 20590–
MATTERS BILLING CODE 6450–01–P 001.
3. Section 904.404 is amended by • Fax: 1–202–493–2251.
adding a new paragraph (d)(7) to read as • Hand Delivery: Room PL–401 on
follows: DEPARTMENT OF TRANSPORTATION the plaza level of the Nassif Building,
400 Seventh Street, SW., Washington,
904.404 Solicitation provision and Federal Aviation Administration DC, between 9 a.m. and 5 p.m., Monday
contract clause. [DOE coverage—paragraph through Friday, except Federal holidays.
(d)] 14 CFR Part 39 To get the service information
(d) * * * identified in this proposed AD, contact
[Docket No. FAA–2005–20438; Directorate
(7) Computer Security, 952.204–XX. Identifier 2005–CE–03–AD] Cessna Aircraft Company, Product
This clause is required in contracts in Support, P.O. Box 7706, Wichita,
which the contractor may have access to RIN 2120–AA64 Kansas 67277; telephone: (316) 517–
computers owned, leased or operated on 5800; facsimile: (316) 942–9006.
behalf of the Department of Energy. Airworthiness Directives; Cessna To view the comments to this
Aircraft Company Models 172R, 172S, proposed AD, go to http://dms.dot.gov.
PART 952—SOLICITATION 182T, T182T, 206H, and T206H The docket number is FAA–2005–
PROVISIONS AND CONTRACT Airplanes 20438; Directorate Identifier 2005–CE–
AGENCY: Federal Aviation
4. Section 952.204–XX is added to Administration (FAA), DOT. FOR FURTHER INFORMATION CONTACT: Jose
read as follows: ACTION: Notice of proposed rulemaking Flores, Aerospace Engineer, Wichita
(NPRM). Aircraft Certification Office (ACO),
952.204–XX Computer Security. FAA, 1801 Airport Road, Wichita,
As prescribed in 904.404(d)(7), insert SUMMARY: The FAA proposes to adopt a Kansas 67209; telephone: (316) 946–
the following clause: new airworthiness directive (AD) for 4133; facsimile: (316) 946–4107.
Computer Security (xx xxxx) certain Cessna Aircraft Company SUPPLEMENTARY INFORMATION:
(Cessna) Models 172R, 172S, 182T,
(a) Definitions T182T, 206H, and T206H airplanes. Comments Invited
(1) Computer means desktop computers, This proposed AD would require you to How do I comment on this proposed
portable computers, computer networks inspect any MC01–3A I.C. 9 or MC01– AD? We invite you to submit any
(including the DOE Network and local area 3A I.C. 10 main electrical power written relevant data, views, or
networks at or controlled by DOE
organizations), network devices, automated
junction box circuit breakers for correct arguments regarding this proposal. Send
information systems, and or other related amperage (amp) (a correct 40-amp your comments to an address listed
computer equipment owned by, leased, or circuit breaker) and replace any under ADDRESSES. Include the docket
operated on behalf of the DOE. incorrect amp circuit breaker with the number, ‘‘FAA–2005–20438; Directorate
(2) Individual means a DOE contractor or correct 40-amp circuit breaker. This Identifier 2005–CE–03–AD’’ at the
subcontractor employee, or any other person proposed AD results from several beginning of your comments. We will
who has been granted access to a DOE reports of circuit breakers that are not post all comments we receive, without
computer. the correct 40-amp circuit breaker change, to http://dms.dot.gov, including
(b) Access to DOE computers. A contractor installed in the MC01–3A main any personal information you provide.
shall not allow an individual to have access
to information on a DOE computer unless:
electrical power junction box. We are We will also post a report summarizing
(1) The individual has acknowledged in issuing this proposed AD to replace any each substantive verbal contact with
writing that the individual has no incorrect circuit breaker installed in the FAA personnel concerning this
expectation of privacy in the use of a DOE MC01–3A I.C. 9 or MC01–3A I.C. 10 proposed rulemaking. Using the search
computer; and, main electrical power junction box, function of our docket Web site, anyone
VerDate jul<14>2003 14:48 Mar 16, 2005 Jkt 205001 PO 00000 Frm 00005 Fmt 4702 Sfmt 4702 E:\FR\FM\17MRP1.SGM 17MRP1