Personal computers server computers

Document Sample
Personal computers server computers Powered By Docstoc

      Proposed Rules                                                                                                Federal Register
                                                                                                                    Vol. 70, No. 51

                                                                                                                    Thursday, March 17, 2005

      This section of the FEDERAL REGISTER                    (IM–30), 1000 Independence Avenue,                    maintenance of nuclear weapons. DOE
      contains notices to the public of the proposed          SW., Washington, DC 20585, (202) 586–                 is obligated to protect, according to the
      issuance of rules and regulations. The                  0940, or Samuel M. Bradley, U.S.                      requirements of various laws,
      purpose of these notices is to give interested          Department of Energy, Office of General               regulations, and directives, information
      persons an opportunity to participate in the            Counsel (GC–53), 1000 Independence                    which it creates, collects, and
      rule making prior to the adoption of the final
                                                              Avenue, SW., Washington, DC 20585,                    maintains. Much of this information is
                                                              (202) 586–6738.                                       sensitive but unclassified.
                                                              SUPPLEMENTARY INFORMATION:                               In recent years, in order to protect its
      DEPARTMENT OF ENERGY                                                                                          information, DOE has developed and
                                                              I. Background
                                                              II. Description of the Proposed Rule                  elaborated policies that limit
      National Nuclear Security                               III. Regulatory Review                                unauthorized access to DOE computer
      Administration                                                                                                systems, particularly those used for
                                                              I. Background                                         work with classified information, and
      10 CFR Part 727                                            Pursuant to the DOE Organization Act               assure that no employee misuses the
                                                              (42 U.S.C. 7101, et seq.) and the Atomic              computers assigned for the performance
      48 CFR Parts 904 and 952                                Energy Act of 1954 (AEA) (42 U.S.C.                   of work-related assignments. DOE has
      [Docket No. NNSA–RM–00–3235]                            2011, et seq.), DOE carries out a variety             issued these policies in the form of
                                                              of programs, including defense nuclear                internal directives in the DOE Directives
      RIN 1992–AA27                                           programs. DOE performs its defense                    System. These directives apply to DOE
                                                              nuclear program activities in the                     employees and to DOE contractors to
      Computer Security; Access to                            Washington, DC, area, and at locations                the extent their contracts require
      Information on Department of Energy                     that DOE owns around the United                       compliance. Directives that apply to
      Computers and Computer Systems                          States, including national laboratories               DOE contractors are listed in an
      AGENCY:Department of Energy.                            and nuclear weapons production                        appendix to the contracts under the
                                                              facilities. Prime contractors operate the             standard Laws, Regulations, and DOE
      ACTION:Notice of proposed rulemaking
                                                              national laboratories and production                  Directives clause that is set forth at 48
      and opportunity for public comment.
                                                              facilities.                                           CFR 970.5204–2.
      SUMMARY: The Department of Energy                          DOE, as the successor agency to the                   The directives issued by DOE relating
      (DOE) is proposing regulations to codify                Atomic Energy Commission, has broad                   to computer security include DOE
      minimum requirements governing                          responsibilities under the AEA to                     Notice 205.3, Password Generation,
      access to information on Department of                  protect sensitive and classified                      Protection, and Use, which establishes
      Energy computers.                                       information and materials involved in                 minimum requirements for the
      DATES: DOE must receive comments on                     the design, production, and                           generation, protection, and use of
      the proposed rulemaking by May 16,                      maintenance of nuclear weapons. (42                   passwords to support authentication
      2005.                                                   U.S.C. 2161–69, 2201) DOE also has a                  when accessing classified and
                                                              general obligation to ensure that                     unclassified DOE information systems
      ADDRESSES:   You may submit comments                    permitting an individual to have access               where feasible; and DOE Order 471 .2A,
      (8 copies), identified by Docket Number                 to information classified under the AEA               Information Security Program, and DOE
      NNSA–RM–00–3235 and/or RIN                              will not endanger the nation’s common                 Manual 471.2–2, Classified Information
      Number 1992–AA27, by any of the                         defense and security (42 U.S.C. 2165b).               Systems Security Manual, which require
      following methods:                                      In addition, various Executive Orders of              that warning banners appear whenever
        Federal eRulemaking Portal: http://                   government-wide applicability require                 an individual logs on to a DOE Follow the                         DOE to take steps to protect classified               computer. A DOE memorandum signed
      instructions for submitting comments.                   information. Executive Order No. 12958,               by the Chief Information Officer on June
        E-Mail: Include                    Classified National Security Information              17, 1999, requires that the banner
      Docket Number NNSA–RM–00–3235                           (April 17, 1995), requires the Secretary              inform users that activities on the
      and/or RIN Number 1992–AA27 in the                      to establish controls to ensure that                  system are subject to interception,
      subject line of the message.                            classified information is used only                   monitoring, recording, copying,
        Mail: Office of Nuclear Safeguards                    under conditions that provide adequate                auditing, inspection, and disclosure.
      and Security Programs (NA–55), U.S.                     protection and prevent access by                      The banner notifies users that continued
      Department of Energy, 1000                              unauthorized persons. Executive Order                 use of the system indicates awareness of
      Independence Avenue, SW.,                               No. 12968, Access to Classified                       and consent to such monitoring and
      Washington, DC 20585.                                   Information (August 2, 1995), requires                recording. Other directives relevant to
      FOR FURTHER INFORMATION CONTACT:                        the Secretary to establish and maintain               computer security include DOE 0 200.1,
      William Hunteman, NNSA Cyber                            an effective program to ensure that                   Information Management Program; DOE
      Security Program Manager, Office of                     employee access to classified                         P 205.1, Departmental Cyber Security
      Chief Information Officer, (NA–65),                     information is clearly consistent with                Management Program; DOE 0 205.1,
      1000 Independence Avenue, SW.,                          the interests of national security.                   Cyber Security Management Program;
      Washington, DC 20585, (202) 586–4775;                      However, DOE’s obligation to protect               DOE 0 470.1 Chg 1, Safeguards and
      Bruce Brody, Associate Chief                            information is not limited to classified              Security Program; DOE 0 471.1A,
      Information Officer for Cyber Security,                 information and materials involved in                 Identification and Protection of
      Office of the Chief Information Officer                 the design, production, and                           Unclassified Controlled Nuclear

VerDate jul<14>2003   14:48 Mar 16, 2005   Jkt 205001   PO 00000   Frm 00001   Fmt 4702   Sfmt 4702   E:\FR\FM\17MRP1.SGM   17MRP1
                              Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules                                           12975

      Information; DOE 0 5639.8A, Security of                 individual who transfers information                  Section 727.6 What Are the
      Foreign Intelligence Information and                    from or onto computers owned by DOE.                  Obligations of a DOE Contractor?
      Sensitive Compartmented Information                     DOE also is proposing conforming                        This section would identify the
      Facilities; and DOE 0 5670.3,                           amendments to its acquisition                         obligations, and related record keeping
      Counterintelligence Program. These                      regulations that would apply to prime                 requirements, of a DOE contractor to
      directives are available for inspection                 contractors consistent with the terms of              ensure that neither its employees nor
      and downloading at the DOE Web site,                    their contracts with DOE.                             the employees of any of its DOE                             The Secretary has approved this                    subcontractors has access to information
        Sections 3235 and 3295(c) of the                      notice of proposed rulemaking for                     on a DOE computer unless the DOE
      National Defense Authorization Act for                  publication.                                          contractor has complied with the
      Fiscal Year 2000 (NDAA) (50 U.S.C.
                                                              II. Description of the Proposed Rule                  requirements of section 727.5 of part
      2425, 2483(c)) require DOE to
                                                                                                                    727 by obtaining a written
      promulgate regulations establishing
                                                                This portion of the SUPPLEMENTARY                   acknowledgment and consent from each
      certain requirements for access to
                                                              INFORMATION  provides supporting                      employee. This section would also cross
      information on National Nuclear
                                                              information to assist commenters in                   reference provisions of section 234B of
      Security Administration (NNSA or
                                                              understanding the basis and purpose of                the AEA which in some instances
      Administration) computers. The key
                                                              the proposed regulations.                             would authorize civil penalties and
      provision in section 3235 requires
      NNSA employees and contractor                                                                                 reduction in award fees against
                                                              A. Proposed Part 727
      employees with access to information                                                                          contractors determined to be in
      on NNSA computers to give written                       Section 727.1 What Is the Purpose and                 violation of part 727.
      consent for access by an authorized                     Scope of This Part?
                                                                                                                    B. Proposed Acquisition Regulatory
      investigative agency to any                               The stated purpose of part 727 would                Amendments
      Administration computer used in the                     be to codify minimum requirements                        The Department of Energy
      performance of his or her duties during                 governing access to information on DOE                Acquisition Regulation (DEAR) would
      the term of that employment and for a                   computers. The part also would deal                   be amended at 48 CFR part 904 by
      period of three years thereafter. Section               with the privacy expectations of any                  adding a requirement for contracting
      3235(c) defines the term ‘‘authorized                   person who uses a DOE computer by                     officers to insert a contract clause from
      investigative agency’’ to mean an agency                sending an e-mail message to it.                      part 952 addressing computer security.
      authorized by law or regulation to
                                                              Section 727.2 What Are the                            Part 952 of the DEAR would be
      conduct a counterintelligence
                                                              Definitions of the Terms Used in This                 amended to add a contract clause to be
      investigation or investigations of
                                                              Part?                                                 inserted in all contracts where the
      persons who are proposed for access to
                                                                                                                    contractor may have access to
      classified information to ascertain                        The term ‘‘computer’’ is broadly                   computers owned, leased, or operated
      whether such persons satisfy the criteria               defined to include computer networks,                 on behalf of the DOE. This clause
      for obtaining and retaining access to                   network devices and automated                         contains a flow down requirement for
      such information. The written consent                   information systems. DOE considered
      requirement in section 3235(a) is                                                                             all subcontracts where there may be
                                                              adding a definition for the term                      access to DOE computers.
      mandatory as it pertains to individuals                 ‘‘contractor.’’ DOE decided not to do so
      with access to or use of NNSA                                                                                 III. Regulatory Review
                                                              because, in context (see proposed
      computers or computer systems. An
                                                              section 727.6), it is clear that the term             A. National Environmental Policy Act
      individual who does not provide such
                                                              applies only to entities that have a                    DOE has determined that this
      written consent will not be allowed
                                                              direct contractual relationship with                  proposed rule is covered under the
      access to or use of NNSA computers or
                                                              DOE. DOE invites comment on this                      Categorical Exclusion found in the
      computer systems.
        Upon recommendation of the                            choice including any suggested                        Department’s National Environmental
      Administrator of NNSA, the Secretary of                 definition.                                           Policy Act regulations at paragraph A.6
      Energy has determined that the                          Section 727.4 Is There Any                            of Appendix A to subpart D, 10 CFR
      requirements of section 3235 should be                  Expectation of Privacy Applicable to a                part 1021, which applies to rule
      applied to the entire DOE complex. In                   DOE Computer?                                         makings that are strictly procedural.
      arriving at this determination, the                                                                           Accordingly, neither an environmental
      Secretary took into account that the                      This section makes clear that no user               assessment nor an environmental
      considerations underlying section 3235                  of a DOE computer, including any                      impact statement is required.
      with respect to information on NNSA                     person who sends an e-mail message to
      computers also apply to other                           a DOE computer, would have any                        B. Regulatory Flexibility Act
      information on computers throughout                     expectation of privacy in the use of that               The Regulatory Flexibility Act (5
      the DOE complex, the requirements of                    DOE computer.                                         U.S.C. 601 et seq.) requires preparation
      section 3235 are similar to DOE’s                       Section 727.5 What Acknowledgment                     of an initial regulatory flexibility
      present computer access policies, and                   and Consent Is Required for Access to                 analysis for any rule that by law must
      that DOE and DOE contractor computers                   Information on DOE Computers?                         be proposed for public comment, unless
      occasionally contain NNSA information.                                                                        the agency certifies that the rule, if
        Consistent with section 3235 and                        This section would describe the                     promulgated, will not have a significant
      general rulemaking authorities in the                   nature of the written consent required                economic impact on a substantial
      DOE Organization Act, DOE today is                      for access to information on a DOE                    number of small entities. As required by
      proposing a new part 727 to codify                      computer. Every DOE and contractor                    Executive Order 13272, ‘‘Proper
      computer access policies which would                    employee subject to the rule would be                 Consideration of Small Entities in
      apply to all DOE employees,                             required to sign a written                            Agency Rulemaking,’’ 67 FR 53461
      contractors, contractor employees and                   acknowledgment and consent form in                    (August 16, 2002), DOE published
      subcontractor employees, and any other                  accordance with this section.                         procedures and policies on February 19,

VerDate jul<14>2003   14:48 Mar 16, 2005   Jkt 205001   PO 00000   Frm 00002   Fmt 4702   Sfmt 4702   E:\FR\FM\17MRP1.SGM   17MRP1
      12976                   Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules

      2003, to ensure that the potential                      Paperwork Reduction Project), U.S.                    $100 million or more in any one year.
      impacts of its rules on small entities are              Department of Energy, 1000                            Accordingly, no assessment or analysis
      properly considered during the                          Independence Ave., SW., Washington,                   is required under the Unfunded
      rulemaking process (68 FR 7990). DOE                    DC 20585–1290. OMB is particularly                    Mandates Reform Act of 1995.
      has made its procedures and policies                    interested in comments on: (1) The
                                                                                                                    E. Treasury and General Government
      available on the Office of General                      necessity for the proposed collection of
                                                                                                                    Appropriations Act, 1999
      Counsel’s Web site: http://                             information, including whether the                                         information will have practical utility;                 Section 654 of the Treasury and
        DOE has reviewed today’s proposed                     (2) the accuracy of the Department’s                  General Government Appropriations
      rule under the provisions of the                        burden estimates; (3) ways to enhance                 Act, 1999 (Pub. L. 105–277) requires
      Regulatory Flexibility Act and the                      the quality, utility, and clarity of the              Federal agencies to issue a Family
      procedures and policies published on                    information to be collected; and (4)                  Policymaking Assessment for any
      February 19, 2003. This proposed rule                   ways to minimize the burden of the                    proposed rule that may affect family
      would not directly regulate small                       collection of information on                          well being. While this proposed rule
      businesses or other small entities. The                 respondents, including the use of                     applies to individuals who may be
      proposed rule would apply only to                       automated collection techniques or                    members of a family, the rule does not
      individuals who use DOE computers.                      other forms of information technology.                have any impact on the autonomy or
      Under the rule, DOE and DOE                               Notwithstanding any other provision                 integrity of the family as an institution.
      contractor employees, or applicants for                 of law, no person is required to respond              Accordingly, DOE has concluded that it
      such positions, would be required to                    to, nor shall any person be subject to a              is not necessary to prepare a Family
      execute a written acknowledgment and                    penalty for failure to comply with, a                 Policymaking Assessment.
      consent provided by DOE. Although a                     collection of information subject to the
      small number of individuals subject to                  requirements of the PRA, unless that                  F. Executive Order 12866
      this rule may work for DOE                              collection of information displays a                     Section 6 of Executive Order 12866
      subcontractors who are small entities,                  currently valid OMB Control Number.                   provides for a review by the Office of
      the costs associated with compliance                                                                          Information and Regulatory Affairs
                                                              D. Unfunded Mandates Reform Act of                    (OIRA) of a significant regulatory action,
      with the rule’s requirements would be
                                                              1995                                                  which is defined to include an action
      negligible and in most cases
      reimbursable under the contract. On the                    The Unfunded Mandates Reform Act                   that may have an effect on the economy
      basis of the foregoing, DOE certifies that              of 1995 (Pub. L. 104–4) generally                     of $100 million or more, or adversely
      the proposed rule, if promulgated would                 requires Federal agencies to examine                  affect, in a material way, the economy,
      not have a significant economic impact                  closely the impacts of regulatory actions             competition, jobs, productivity, the
      on a substantial number of small                        on State, local, and tribal governments.              environment, public health or safety, or
      entities. Accordingly, DOE has not                      Subsection 101(5) of title I of that law              State, local, or tribal governments. DOE
      prepared a regulatory flexibility analysis              defines a Federal intergovernmental                   has concluded that this proposed rule is
      for this rulemaking. DOE’s certification                mandate to include any regulation that                not a significant regulatory action.
      and supporting statement of factual                     would impose upon State, local, or
                                                              tribal governments an enforceable duty,               G. Executive Order 13132
      basis will be provided to the Chief
      Counsel for Advocacy of the Small                       except a condition of Federal assistance                 Executive Order 13132 (64 FR 43255,
      Business Administration pursuant to 5                   or a duty arising from participating in a             August 4, 1999) imposes certain
      U.S.C. 605(b).                                          voluntary federal program. Title II of                requirements on agencies formulating
                                                              that law requires each Federal agency to              and implementing policies or
      C. Paperwork Reduction Act                              assess the effects of Federal regulatory              regulations that preempt State law or
        This proposed rule contains a                         actions on State, local, and tribal                   that have federalism implications.
      collection of information subject to                    governments, in the aggregate, or to the              Agencies are required to examine the
      review and approval by the Office of                    private sector, other than to the extent              constitutional and statutory authority
      Management and Budget (OMB) under                       such actions merely incorporate                       supporting any action that would limit
      the Paperwork Reduction Act (PRA), 44                   requirements specifically set forth in a              the policymaking discretion of the
      U.S.C. 3501 et seq. Proposed § 727.6(b)                 statute. Section 202 of that title requires           States and carefully assess the necessity
      would require DOE contractors to                        a Federal agency to perform a detailed                for such actions. DOE has examined this
      maintain a file of written                              assessment of the anticipated costs and               proposed rule and has determined that
      acknowledgments and consents                            benefits of any rule that includes a                  it would not preempt State law and
      executed by its employees and                           Federal mandate which may result in                   would not have a substantial direct
      subcontractor employees. This                           costs to State, local, or tribal                      effect on the States, on the relationship
      collection of information has been                      governments, or to the private sector, of             between the national government and
      submitted to OMB for approval. DOE                      $100 million or more. Section 204 of                  the States, or on the distribution of
      estimates the total annual recordkeeping                that title requires each agency that                  power and responsibilities among the
      burden from this collection of                          proposes a rule containing a significant              various levels of government. No further
      information to be 20,000 hours.                         Federal intergovernmental mandate to                  action is required by Executive Order
        Send comments regarding this burden                   develop an effective process for                      13132.
      estimate, and any other aspect of this                  obtaining meaningful and timely input
      collection of information, to OMB at the                from elected officers of State, local, and            H. Executive Order 12988
      Office of Information and Regulatory                    tribal governments.                                     With respect to the review of existing
      Affairs, Washington, DC 20503                              This proposed rule does not impose a               regulations and the promulgation of
      (Attention: DOE Desk Officer). The                      Federal mandate on State, local or tribal             new regulations, section 3(a) of
      Department asks interested persons to                   governments. This proposed rule will                  Executive Order 12988, Civil Justice
      send a copy of their comments to the                    not result in the expenditure by State,               Reform, 61 FR 4729 (February 7, 1996),
      Office of the Chief Information Officer,                local, and tribal governments in the                  imposes on Executive agencies the
      Records Management Division, IM–11,                     aggregate, or by the private sector, of               general duty to adhere to the following

VerDate jul<14>2003   14:48 Mar 16, 2005   Jkt 205001   PO 00000   Frm 00003   Fmt 4702   Sfmt 4702   E:\FR\FM\17MRP1.SGM   17MRP1
                              Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules                                            12977

      requirements: (1) Eliminate drafting                    List of Subjects                                      automated information systems, or other
      errors and ambiguity; (2) write                                                                               related computer equipment owned by,
                                                              10 CFR Part 727
      regulations to minimize litigation; and                                                                       leased, or operated on behalf of the
      (3) provide a clear legal standard for                    Classified information, Computers,                  DOE.
      affected conduct rather than a general                  Contractor employees, Government                        DOE means the Department of Energy,
      standard and promote simplification                     employees, National defense, Security                 including the National Nuclear Security
      and burden reduction. With regard to                    information.                                          Administration.
      the review required by section 3(a),                    48 CFR Chapter 9                                        DOE, or Department, computer means
      section 3(b) of Executive Order 12988                                                                         any computer owned by, leased, or
                                                                Government procurement.                             operated on behalf of the DOE.
      specifically requires that Executive
      agencies make every reasonable effort to                  Issued in Washington, DC on January 31,               Individual means an employee of DOE
      ensure that the regulation: (1) Clearly                 2005.                                                 or a DOE contractor, or any other person
      specifies the preemptive effect, if any;                Kyle McSlarrow,                                       who has been granted access to a DOE
      (2) clearly specifies any effect on                     Deputy Secretary.                                     computer.
      existing Federal law or regulation; (3)                   For the reasons stated in the                         User means any person, including any
      provides a clear legal standard for                     preamble, DOE hereby proposes to                      individual or member of the public,
      affected conduct while promoting                        amend chapter III of title 10 and chapter             who sends information to or receives
      simplification and burden reduction; (4)                9 of title 48 of the Code of Federal                  information from, or otherwise accesses
      specifies the retroactive effect, if any; (5)           Regulations as set forth below:                       a DOE computer.
      adequately defines key terms; and (6)                     1. 10 CFR Part 727 is added to read                 § 727.3   To whom does this part apply?
      addresses other important issues                        as follows:                                              This part applies to DOE employees,
      affecting clarity and general                                                                                 DOE contractors, DOE contractor and
      draftsmanship under any guidelines                      PART 727—CONSENT FOR ACCESS
                                                              TO INFORMATION ON DEPARTMENT                          subcontractor employees, and any other
      issued by the Attorney General. Section                                                                       individual who transfers information
      3(c) of Executive Order 12988 requires                  OF ENERGY COMPUTERS
                                                                                                                    from or to a DOE computer.
      Executive agencies to review regulations                Sec.
      in light of applicable standards in                     727.1 What is the purpose and scope of this           § 727.4 Is there any expectation of privacy
      section 3(a) and section 3(b) to                             part?                                            applicable to a DOE computer?
      determine whether they are met or it is                 727.2 What are the definitions of the terms             Notwithstanding any other provision
      unreasonable to meet one or more of                          used in this part?                               of law (including any provision of law
      them. DOE has completed the required                    727.3 To whom does this part apply?                   enacted by the Electronic
                                                              727.4 Is there any expectation of privacy             Communications Privacy Act of 1986),
      review and determined that, to the
                                                                   applicable to a DOE computer?
      extent permitted by law, the proposed                                                                         no user of a DOE computer, including
                                                              727.5 What acknowledgment and consent is
      rule meets the relevant standards of                         required for access to information on            any person who sends an e-mail
      Executive Order 12988.                                       DOE computers?                                   message to a DOE computer, shall have
                                                              727.6 What are the obligations of a DOE               any expectation of privacy in the use of
      I. Executive Order 13084                                     contractor?                                      that DOE computer.
         Under Executive Order 13084                            Authority: 42 U.S.C. 7101, et seq.; 42              § 727.5 What acknowledgment and
      (Consultation and Coordination with                     U.S.C. 2011, et seq.; 50 U.S.C. 2425, 2483;           consent is required for access to
      Indian Tribal Governments), DOE may                     E.O. 12958, 60 FR 19825, 3 CFR, 1995 Comp.,           information on DOE computers?
                                                              p. 333; E.O. 12968, 60 FR 40245, 3 CFR, 1995
      not issue a discretionary rule that                                                                             An individual may not have access to
                                                              Comp., p. 391.
      significantly or uniquely affects Indian                                                                      information on a DOE computer unless:
      tribal governments and imposes                          § 727.1 What is the purpose and scope of                (a) The individual has acknowledged
      substantial direct compliance costs.                    this part?                                            in writing that the individual has no
      This proposed rule would not have such                    The purpose of this part is to establish            expectation of privacy in the use of a
      effects. Accordingly, Executive Order                   minimum requirements applicable to all                DOE computer; and
      13084 does not apply to this                            DOE employees, DOE contractors, DOE                     (b) The individual has consented in
      rulemaking.                                             contractor and subcontractor employees                writing to permit access by an
                                                              for access to any DOE computer,                       authorized investigative agency to any
      J. Treasury and General Government                                                                            DOE computer used during the period
                                                              including a requirement for written
      Appropriations Act, 2001                                                                                      of that individual’s access to
                                                              consent to access by an authorized
        The Treasury and General                              investigative agency to any DOE                       information on a DOE computer and for
      Government Appropriations Act, 2001                     computer used in the performance of                   a period of three years thereafter.
      (44 U.S.C. 3516, note) provides for                     the employee’s duties during the term of
                                                                                                                    § 727.6 What are the obligations of a DOE
      agencies to review most disseminations                  that individual’s employment and for a                contractor?
      of information to the public under                      period of three years thereafter. This
                                                              part also applies to any person who uses                 (a) A DOE contractor must ensure that
      guidelines established by each agency                                                                         neither its employees nor the employees
      pursuant to general guidelines issued by                a DOE computer by sending an e-mail
                                                              message to such a computer.                           of any of its subcontractors has access
      OMB.                                                                                                          to information on a DOE computer
        OMB’s guidelines were published at                    § 727.2 What are the definitions of the               unless the DOE contractor has obtained
      67 FR 8452 (February 22, 2002), and                     terms used in this part?                              a written acknowledgment and consent
      DOE’s guidelines were published at 67                      For purposes of this part:                         by each contractor or subcontractor
      FR 62446 (October 7, 2002). DOE has                        Computer means desktop computers,                  employee that complies with the
      reviewed today’s notice under the OMB                   portable computers, computer networks                 requirements of § 727.5 of this part.
      and DOE guidelines and has concluded                    (including the DOE network and local                     (b) A DOE contractor must maintain a
      that it is consistent with applicable                   area networks at or controlled by DOE                 file of original written acknowledgments
      policies in those guidelines.                           organizations), network devices,                      and consents executed by its employees

VerDate jul<14>2003   14:48 Mar 16, 2005   Jkt 205001   PO 00000   Frm 00004   Fmt 4702   Sfmt 4702   E:\FR\FM\17MRP1.SGM   17MRP1
      12978                   Federal Register / Vol. 70, No. 51 / Thursday, March 17, 2005 / Proposed Rules

      and all subcontractors employees that                      (2) The individual has consented in writing        which could result in premature
      comply with the requirements of § 727.5                 to permit access by an authorized                     tripping of the power junction box main
      of this part.                                           investigative agency to any DOE computer              feeder circuit breakers and could lead to
                                                              used during the period of that individual’s           partial or complete loss of all electrical
        (c) Upon demand by the cognizant
                                                              access to information on a DOE computer,
      DOE contracting officer, a DOE                          and for a period of three years thereafter.
                                                                                                                    power on the airplane. This failure
      contractor must provide an opportunity                     (c) No expectation of privacy.                     could lead to the loss of all navigation
      for a DOE official to inspect the file                  Notwithstanding any other provision of law            and communication equipment and
      compiled under this section and to copy                 (including any provision of law enacted by            lighting in the cockpit.
      any portion of the file.                                the Electronic Communications Privacy Act             DATES: We must receive any comments
        (d) If a DOE contractor violates the                  of 1986), no individual using a DOE                   on this proposed AD by May 16, 2005.
      requirements of this section with regard                computer shall have any expectation of
                                                                                                                    ADDRESSES: Use one of the following to
      to a DOE computer with Restricted Data                  privacy in the use of that computer.
                                                                 (d) Written records. The contractor is             submit comments on this proposed AD:
      or other classified information, then the                                                                        • DOT Docket Web site: Go to
                                                              responsible for maintaining written records
      DOE contractor may be assessed a civil                  for itself and subcontractors demonstrating  and follow the
      penalty or a reduction in fee pursuant                  compliance with the provisions of paragraph           instructions for sending your comments
      to section 234B of the Atomic Energy                    (b) of this section. The contractor agrees to         electronically.
      Act of 1954 (42 U.S.C. 2282b).                          provide access to these records to the DOE,              • Government-wide rulemaking Web
        2. The authority citation for parts 904               or its authorized agents, upon request.               site: Go to
      and 952 continues to read as follows:                      (e) Subcontracts. The contractor shall             and follow the instructions for sending
                                                              insert this clause, including this paragraph
        Authority: 42 U.S.C.2201, 2282a, 2282b,                                                                     your comments electronically.
                                                              (e), in subcontracts under this contract that
      2282c, 7101 et seq.; 41 U.S.C. 418b; 50 U.S.C.
                                                              may provide access to computers owned,
                                                                                                                       • Mail: Docket Management Facility;
      2401 et seq.                                                                                                  U.S. Department of Transportation, 400
                                                              leased or operated on behalf of the DOE.
                                                                                                                    Seventh Street, SW., Nassif Building,
      PART 904—ADMINISTRATIVE                                 [FR Doc. 05–5183 Filed 3–16–05; 8:45 am]              Room PL–401, Washington, DC 20590–
      MATTERS                                                 BILLING CODE 6450–01–P                                001.
        3. Section 904.404 is amended by                                                                               • Fax: 1–202–493–2251.
      adding a new paragraph (d)(7) to read as                                                                         • Hand Delivery: Room PL–401 on
      follows:                                                DEPARTMENT OF TRANSPORTATION                          the plaza level of the Nassif Building,
                                                                                                                    400 Seventh Street, SW., Washington,
      904.404 Solicitation provision and                      Federal Aviation Administration                       DC, between 9 a.m. and 5 p.m., Monday
      contract clause. [DOE coverage—paragraph                                                                      through Friday, except Federal holidays.
      (d)]                                                    14 CFR Part 39                                           To get the service information
        (d) * * *                                                                                                   identified in this proposed AD, contact
                                                              [Docket No. FAA–2005–20438; Directorate
        (7) Computer Security, 952.204–XX.                    Identifier 2005–CE–03–AD]                             Cessna Aircraft Company, Product
      This clause is required in contracts in                                                                       Support, P.O. Box 7706, Wichita,
      which the contractor may have access to                 RIN 2120–AA64                                         Kansas 67277; telephone: (316) 517–
      computers owned, leased or operated on                                                                        5800; facsimile: (316) 942–9006.
      behalf of the Department of Energy.                     Airworthiness Directives; Cessna                         To view the comments to this
                                                              Aircraft Company Models 172R, 172S,                   proposed AD, go to
      PART 952—SOLICITATION                                   182T, T182T, 206H, and T206H                          The docket number is FAA–2005–
      PROVISIONS AND CONTRACT                                 Airplanes                                             20438; Directorate Identifier 2005–CE–
      CLAUSES                                                                                                       03–AD.
                                                              AGENCY: Federal Aviation
        4. Section 952.204–XX is added to                     Administration (FAA), DOT.                            FOR FURTHER INFORMATION CONTACT: Jose
      read as follows:                                        ACTION: Notice of proposed rulemaking                 Flores, Aerospace Engineer, Wichita
                                                              (NPRM).                                               Aircraft Certification Office (ACO),
      952.204–XX      Computer Security.                                                                            FAA, 1801 Airport Road, Wichita,
        As prescribed in 904.404(d)(7), insert                SUMMARY: The FAA proposes to adopt a                  Kansas 67209; telephone: (316) 946–
      the following clause:                                   new airworthiness directive (AD) for                  4133; facsimile: (316) 946–4107.
      Computer Security (xx xxxx)                             certain Cessna Aircraft Company                       SUPPLEMENTARY INFORMATION:
                                                              (Cessna) Models 172R, 172S, 182T,
      (a) Definitions                                         T182T, 206H, and T206H airplanes.                     Comments Invited
         (1) Computer means desktop computers,                This proposed AD would require you to                   How do I comment on this proposed
      portable computers, computer networks                   inspect any MC01–3A I.C. 9 or MC01–                   AD? We invite you to submit any
      (including the DOE Network and local area               3A I.C. 10 main electrical power                      written relevant data, views, or
      networks at or controlled by DOE
      organizations), network devices, automated
                                                              junction box circuit breakers for correct             arguments regarding this proposal. Send
      information systems, and or other related               amperage (amp) (a correct 40-amp                      your comments to an address listed
      computer equipment owned by, leased, or                 circuit breaker) and replace any                      under ADDRESSES. Include the docket
      operated on behalf of the DOE.                          incorrect amp circuit breaker with the                number, ‘‘FAA–2005–20438; Directorate
         (2) Individual means a DOE contractor or             correct 40-amp circuit breaker. This                  Identifier 2005–CE–03–AD’’ at the
      subcontractor employee, or any other person             proposed AD results from several                      beginning of your comments. We will
      who has been granted access to a DOE                    reports of circuit breakers that are not              post all comments we receive, without
      computer.                                               the correct 40-amp circuit breaker                    change, to, including
         (b) Access to DOE computers. A contractor            installed in the MC01–3A main                         any personal information you provide.
      shall not allow an individual to have access
      to information on a DOE computer unless:
                                                              electrical power junction box. We are                 We will also post a report summarizing
         (1) The individual has acknowledged in               issuing this proposed AD to replace any               each substantive verbal contact with
      writing that the individual has no                      incorrect circuit breaker installed in the            FAA personnel concerning this
      expectation of privacy in the use of a DOE              MC01–3A I.C. 9 or MC01–3A I.C. 10                     proposed rulemaking. Using the search
      computer; and,                                          main electrical power junction box,                   function of our docket Web site, anyone

VerDate jul<14>2003   14:48 Mar 16, 2005   Jkt 205001   PO 00000   Frm 00005   Fmt 4702   Sfmt 4702   E:\FR\FM\17MRP1.SGM   17MRP1