Unknown. Final rule
3,284 words·~15 min read·
/register/2004/06/14/04-13319A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
--- schema: federal-register doc_type: fedreg source_file: FR-2004-06-14.xml --- 69 113 Monday, June 14, 2004 Contents African African Development Foundation NOTICES Meetings; Sunshine Act, 32969 04-13357 Agency Agency for Healthcare Research and Quality NOTICES Meetings: Health Care Policy and Research Special Emphasis Panel, 33023 04-13293 Agriculture Agriculture Department See Forest Service See Natural Resources Conservation Service NOTICES Agency information collection activities; proposals, submissions, and approvals, 32969-32972 04-13294 Army Army Department See Engineers Corps NOTICES Meetings:
Western Hemisphere Institute for Security Cooperation Board of Visitors, 32995 04-13268 Patent licenses; non-exclusive, exclusive, or partially exclusive: Detection of oxidizing agents in urine, 32995-32996 04-13270 Generating two-dimensional images of cervical tissue from three-dimensional hyperspectral cubes; method and apparatus, 32996 04-13269 Blind Blind or Severely Disabled, Committee for Purchase From People Who Are See Committee for Purchase From People Who Are Blind or Severely Disabled Broadcasting Broadcasting Board of Governors NOTICES Meetings;
Sunshine Act, 32977 04-13436 Centers Centers for Disease Control and Prevention NOTICES Agency information collection activities; proposals, submissions, and approvals, 33023-33026 04-13262 04-13263 04-13264 Grants and cooperative agreements; availability, etc.: Building healthcare capacity in United States and internationally, 33026-33029 04-13266 Human immunodeficiency virus (HIV)— Uganda; Information Education and Communication for Basic HIV Care Packages, 33029-33033 04-13193 Reports and guidance documents; availability, etc.:
Preventing transmission of infectious agents in healthcare settings; isolation precautions, 33034 04-13265 Children Children and Families Administration NOTICES Grants and cooperative agreements; availability, etc.: Early Learning Opportunities Act discretionary grants, 33181-33202 04-13079 Civil Civil Rights Commission NOTICES Meetings; advisory committees: Vermont, 32977 04-13332 Coast Guard Coast Guard RULES Pollution: Ballast water management reports; nonsubmission penalties, 32864-32871 04-13173 NOTICES Meetings:
Great Lakes Regional Waterways Management Forum, 33066 04-13380 Commerce Commerce Department See Industry and Security Bureau See International Trade Administration See National Institute of Standards and Technology See National Oceanic and Atmospheric Administration NOTICES Agency information collection activities; proposals, submissions, and approvals, 32977 04-13205 Commission of Fine Commission of Fine Arts NOTICES Meetings, 32995 04-13227 Committee for Purchase Committee for Purchase From People Who Are Blind or Severely Disabled NOTICES Procurement list; additions and deletions, 32975-32977 04-13295 04-13296 Council Council on Environmental Quality NOTICES Meetings:
National Environmental Policy Act
(NEPA)oversight, 33020 04-13236 Defense Defense Department See Army Department See Engineers Corps Education Education Department NOTICES Grants and cooperative agreements; availability, etc.: Special education and rehabilitative services— Children with Disabilities Technical Assistance and Dissemination to Improve Services and Results Program, 32997-33001 04-13330 Employment Employment Standards Administration NOTICES Minimum wages for Federal and federally-assisted construction; general wage determination decisions, 33071-33072 04-12910 Energy Energy Department See Federal Energy Regulatory Commission Engineers Engineers Corps NOTICES Environmental statements; availability, etc.: Oahu, HI; Ala Wai Canal Project, 32996-32997 04-13271 EPA Environmental Protection Agency PROPOSED RULES Air quality implementation plans; approval and promulgation; various States: Maryland, 32928-32932 04-13285 NOTICES Meetings: Science Advisory Board; correction, 33015 04-13286 Toxic and hazardous substances control: New chemicals— Receipt and status information, 33015-33020 04-13287 Environment Environmental Quality Council See Council on Environmental Quality Executive Executive Office of the President See Council on Environmental Quality See Trade Representative, Office of United States Farm Farm Credit Administration PROPOSED RULES Farm credit system: Federal Agricultural Mortgage Corp.; non-program investments and liquidity, 32905-32922 04-12998 FAA Federal Aviation Administration RULES Airworthiness directives: Eurocopter France, 32857-32859 04-12905 Hamilton Sundstrand Corp., 32855-32857 04-13145 Airworthiness standards: Special conditions— Gulfstream Aerospace LP Model Gulfstream 200 (Galaxy) airplanes, 32851-32853 04-13308 Raytheon Aircraft Co. Model MU-300 airplanes, 32849-32851 04-13306 Sabreliner Corp. Model NA-265-65 airplanes, 32853-32855 04-13311 Class E airspace, 32859-32863 04-13298 04-13299 04-13300 04-13302 04-13310 PROPOSED RULES Airworthiness directives: Bombardier, 32924-32927 04-13224 Short Brothers, 32922-32924 04-13223 NOTICES Agency information collection activities; proposals, submissions, and approvals, 33093 04-13305 Airport noise compatibility program: Jackson Hole Airport, WY, 33093-33094 04-13301 Meetings: Aging Transport Systems Rulemaking Advisory Committee, 33094 04-13297 RTCA, Inc., 33094-33095 04-13304 Passenger facility charges; applications, etc.: Charlotte/Douglas International Airport, NC, 33095-33096 04-13309 McAllen-Miller International, TX, 33096 04-13303 Yampa Valley Regional Airport, CO, 33096-33097 04-13307 FCC Federal Communications Commission RULES Radio services, special: Aviation services, 32877-32886 04-13323 NOTICES Agency information collection activities; proposals, submissions, and approvals, 33020-33021 04-13325 Rulemaking proceedings; petitions filed, granted, denied, etc., 04-13230 33021-33022 04-13324 Federal Energy Federal Energy Regulatory Commission NOTICES *Applications, hearings, determinations, etc.:* Devon Power LLC et al., 33001-33015 04-12921 Federal Railroad Federal Railroad Administration NOTICES Exemption petitions, etc.: Canadian Pacific Railway, 33097 04-13259 Union Pacific Railroad Co., 33097-33098 04-13258 Federal Reserve Federal Reserve System NOTICES Banks and bank holding companies: Change in bank control, 33022 04-13291 Formations, acquisitions, and mergers, 33022 04-13292 Meetings; Sunshine Act, 33022 04-13399 Fine Arts Fine Arts Commission See Commission of Fine Arts Fish Fish and Wildlife Service PROPOSED RULES Endangered and threatened species: Critical habitat designations— California red-legged frog, 32966-32968 04-13400 Food Food and Drug Administration RULES Food for human consumption: Current good manufacturing practice; meetings, 32863 04-13429 NOTICES Agency information collection activities; proposals, submissions, and approvals, 33034-33043 04-13211 04-13212 04-13213 04-13214 04-13215 04-13216 Reports and guidance documents; availability, etc.: Pediatric studies conducted for various supplements; medical and clinical pharmacology reviews; summaries, 33043 04-13217 Forest Forest Service NOTICES Agency information collection activities; proposals, submissions, and approvals, 32972-32974 04-13317 04-13318 Meetings: Resource Advisory Committees— Trinity County, 32974 04-13220 Health Health and Human Services Department See Agency for Healthcare Research and Quality See Centers for Disease Control and Prevention See Children and Families Administration See Food and Drug Administration NOTICES Meetings: Vital and Health Statistics National Committee, 33022-33023 04-13232 Homeland Homeland Security Department See Coast Guard NOTICES Reports and guidance documents; availability, etc.: National Environmental Policy Act (NEPA); implementation— Environmental Planning Program; management directive, 33043-33066 04-13111 Housing Housing and Urban Development Department NOTICES Agency information collection activities; proposals, submissions, and approvals, 33066-33068 04-13218 04-13219 04-13333 Industry Industry and Security Bureau NOTICES Export privileges, actions affecting: Arian Transportvermittlungs GmbH, 32978-32979 04-13275 Interior Interior Department See Fish and Wildlife Service See Land Management Bureau See National Park Service IRS Internal Revenue Service NOTICES Agency information collection activities; proposals, submissions, and approvals, 33099-33100 04-13331 International International Trade Administration NOTICES Antidumping: Carbon and certain alloy steel wire rod from— Mexico and Trinidad and Tobago, 32979 04-13329 Freshwater crawfish tail meat from— China, 32979-32982 04-13327 Softwood lumber products from— Canada, 33234-33255 04-13073 Stainless steel bar from— Germany, 32982-32984 04-13197 Italy, 32984-32986 04-13326 Countervailing duties: Softwood lumber products from— Canada, 33203-33235 04-13072 North American Free Trade Agreement (NAFTA); binational panel reviews: Softwood lumber products from— Canada, 32986-32987 04-13237 Senior Executive Service: Performance Review Board; membership, 32987 04-13289 International International Trade Commission NOTICES Import investigations: Electronic devices, including power adapters, converters, external batteries, and detachable tips used to power and/or charge mobile electronic products, 33069-33070 04-13226 Pressure sensitive plastic tape from— Italy, 33070 04-13247 Prestressed concrete steel wire strand from— Japan, 33071 04-13248 Meetings; Sunshine Act, 33071 04-13433 Labor Labor Department See Employment Standards Administration See Labor Statistics Bureau See Mine Safety and Health Administration MISSING FOR: Labor Statistics Bureau Labor Statistics Bureau NOTICES Agency information collection activities; proposals, submissions, and approvals, 33072-33074 04-13261 Land Land Management Bureau NOTICES Closure of public lands: California, 33068 04-13321 Environmental statements; availability, etc.: Northern San Juan Basin Coal Bed Methane Development Project, 33068-33069 04-12414 Recreation management restrictions, etc.: Amador and Calaveras Counties, CA; commercial kayak instruction on Mokelumne River; feasibility study, 33069 04-13320 Mine Mine Safety and Health Administration NOTICES Agency information collection activities; proposals, submissions, and approvals, 33074-33075 04-13260 National Archives National Archives and Records Administration RULES Public availability and use: NARA facilities; phone numbers, 32876-32877 04-13196 National Highway National Highway Traffic Safety Administration PROPOSED RULES Civil monetary penalties; inflation adjustment, 32963-32966 04-13056 Motor vehicle safety standards: Child restraint systems— Recordkeeping requirements, 32954-32963 04-13052 Event data recorders; minimum recording, data format, survivability, and information availability requirements, 32932-32954 04-13241 NOTICES Motor vehicle safety standards: Nonconforming vehicles— Importation eligibility; determinations, 33098-33099 04-13225 National Institute National Institute of Standards and Technology NOTICES Meetings: National Construction Safety Team Advisory Committee, 32987-32988 04-13398 NOAA National Oceanic and Atmospheric Administration RULES Fishery conservation and management: Alaska; fisheries of Exclusive Economic Zone— Pollock, 32901-32904 04-13198 Northeastern United States fisheries— Northeast multispecies, 32900 04-13315 Marine mammals: Sea turtle conservation— Shrimp trawling requirements; offshore Atlantic waters from North Carolina to Florida; night fishing prohibition, 32898-32900 04-13210 PROPOSED RULES Endangered and threatened species: Marine and anadromous species— West Coast salmonids; 27 evolutionary significant units; listing determinations, 33101-33179 04-12706 NOTICES Agency information collection activities; proposals, submissions, and approvals, 32988-32990 04-13199 04-13206 04-13207 Committees; establishment, renewal, termination, etc.: Marine Fisheries Advisory Committee, 32990-32991 04-13200 Fishery conservation and management: Magnuson-Stevens Act provisions— Deep-sea coral and sponge habitat protection; comment request, 32991-32992 04-13204 Meetings: Recreational fisheries; strategic plan; correction, 32992 04-13208 Permits: Endangered and threatened species, 32992-32993 04-13203 Marine mammals, 04-13231 32993-32994 04-13316 Scientific research, 04-13201 32994-32995 04-13202 National Park National Park Service RULES Special regulations: Canyonlands National Park, Salt Creek Canyon, UT; motor vehicle prohibition, 32871-32876 04-13234 National Science National Science Foundation NOTICES Meetings; Sunshine Act, 33075 04-13455 NRCS Natural Resources Conservation Service NOTICES Field offices technical guides; changes: Michigan, 32974-32975 04-13233 Nuclear Nuclear Regulatory Commission RULES Domestic licensing proceedings and issuance of orders; practice rules: High-level radioactive waste disposal at geologic repository; licensing support network; electronic docket submissions, 32836-32849 04-13113 NOTICES Meetings: Nuclear Waste Advisory Committee, 33079 04-13251 Reactor Safeguards Advisory Committee, 33079-33080 04-13249 04-13250 04-13252 Reports and guidance documents; availability, etc.: Pressurized-water reactors; fabrication of pressurizer penetrations and steam space piping connections; alloy materials inspection, 33080-33081 04-13254 *Applications, hearings, determinations, etc.:* Rochester Gas & Electric Corp., 33075 04-13255 Tennessee Valley Authority, 33075-33079 04-13253 Office of U.S. Trade Office of United States Trade Representative See Trade Representative, Office of United States Personnel Personnel Management Office RULES Federal computer systems; security awareness and training for employees responsible for management or use, 32835-32836 04-13319 Railroad Railroad Retirement Board PROPOSED RULES Railroad Unemployment Insurance Act: Employers’ contributions and contribution reports, 32927-32928 04-13221 NOTICES Agency information collection activities; proposals, submissions, and approvals, 33081 04-13228 04-13229 Research Research and Special Programs Administration RULES Pipeline safety: Safety regulations; periodic updates, 32886-32898 04-12070 SEC Securities and Exchange Commission RULES Investment companies: Breakpoint discounts by mutual funds; disclosure, 33261-33270 04-13276 NOTICES Public Utility Holding Company Act of 1935 filings, 33081-33088 04-13277 Self-regulatory organizations; proposed rule changes: American Stock Exchange LLC, 33088-33090 04-13278 Chicago Board Options Exchange, Inc., 33090-33091 04-13279 Trade Trade Representative, Office of United States NOTICES Trade Policy Staff Committee: Volunteer trade capacity building assistance in support of free trade agreement negotiations with certain Andean countries; submission request, 33091-33092 04-13322 Transportation Transportation Department See Federal Aviation Administration See Federal Railroad Administration See National Highway Traffic Safety Administration See Research and Special Programs Administration Treasury Treasury Department See Internal Revenue Service RULES Government Securities Act regulations: Customer securities and balances; protection, 33257-33259 04-13128 NOTICES Government securities brokers and dealers; collateral pledge requirements, 33259-33260 04-13129 Separate Parts In This Issue Part II Commerce Department, National Oceanic and Atmospheric Administration, 33101-33179 04-12706 Part III Health and Human Services Department, Children and Families Administration, 33181-33202 04-13079 Part IV Commerce Department, International Trade Administration, 33203-33255 04-13072 04-13073 Part V Treasury Department, 33257-33260 04-13128 04-13129 Part VI Securities and Exchange Commission, 33261-33270 04-13276 Reader Aids Consult the Reader Aids section at the end of this issue for phone numbers, online resources, finding aids, reminders, and notice of recently enacted public laws. To subscribe to the Federal Register Table of Contents LISTSERV electronic mailing list, go to http://listserv.access.gpo.gov and select Online mailing list archives, FEDREGTOC-L, Join or leave the list (or change settings); then follow the instructions. 69 113 Monday, June 14, 2004 Rules and Regulations OFFICE OF PERSONNEL MANAGEMENT 5 CFR Part 930 RIN 3206-AJ84 Information Security Responsibilities for Employees Who Manage or Use Federal Information Systems AGENCY: Office of Personnel Management. ACTION: Final rule. SUMMARY: The Office of Personnel Management
(OPM)is issuing final regulations concerning information technology security awareness and training for agency personnel including contractors and other users of information systems that support the operations and assets of the agency. This regulation makes the rule clearer for expert and novice readers. It facilitates timely access to changes in information systems security awareness training guidelines and supplementary information systems training and standards resources through the use of the National Institute for Standards and Technology
(NIST)website. DATES: *Effective Date:* June 14, 2004. FOR FURTHER INFORMATION CONTACT: LaVeen Ponds by phone at 202-606-1394, by TTY at
(202)418-3134, by fax at
(202)606-2329, or e-mail at *lmponds@opm.gov.* SUPPLEMENTARY INFORMATION: The Office of Personnel Management
(OPM)issued proposed regulations at 68 FR 52528, on September 4, 2003, to revise the rules that govern the training of employees responsible for the management or use of Federal computer systems. We proposed streamlining the regulation where appropriate; removed text; and added a requirement for agencies to refer to the National Institute of Standards and Technology
(NIST)website for the most current information on information systems security awareness and training guidelines. The 30-day comment period ended on October 6, 2003. We received comments from five Federal agencies. One agency concurred with the proposed changes and stated that the changes are particularly beneficial. Two agencies pointed out that the Federal Information Security Management Act (FISMA), title III of Public Law 107-347 (116 Stat 2948), and the E-Government Act of 2002, Public Law 107-347 (116 Stat 2899), repealed sections of the Computer Security Act of 1987, Public Law 100-235 (101 Stat 1724). We have changed the authority source accordingly. One of these agencies noted that the language in the “Regulatory Flexibility Act” section of the proposed regulation did not include all individuals that the regulation will affect. We concur and have changed the language to reflect the individuals listed in Public Law 107-347 (116 Stat 2951) that are affected by this regulation. One agency pointed out that Office of Management and Budget
(OMB)Circular A-130, appendix III, also addressed OPM's responsibility to assure that its regulations concerning computer security training for Federal civilian employees are effective. Therefore, the agency suggested that OMB Circular A-130, appendix III, be referenced in the regulation. We believe the authority references are sufficient and establish the legal requirements for the regulation and that additional references are not necessary. Two agencies noted that the proposed regulation referenced a NIST website location that did not address the guidance for security awareness and training. A more direct link has been included in section 930.301(a). One of these agencies also suggested changing the word “computer” to “information technology” to better reflect the scope of the regulations and NIST guidance. We concur and have made the change where appropriate in the final regulation. Additionally, it is important to note the purpose of FISMA is to provide a comprehensive framework for ensuring the effectiveness of information security controls over any information resources that support Federal operations and assets. To that end, FISMA defines information system security to mean protecting any Federal information and information systems, which includes information technology
(IT)systems, from unauthorized access, use, disclosure, disruption, modification, or destruction. This agency also recommended that 5 CFR 903.301(a)(1) require all IT users be exposed to security awareness materials “regularly” versus “at least annually.” We do not concur. A standard and specified timeframe for training best serves the intent of the law and encourages agencies to ensure IT users' continual IT security vigilance. We did not adopt this agency's suggestion to address professionalization or certification to ensure a level of knowledge or competence because it is beyond the scope of this regulation. The same agency recommended adding a section requiring agencies to provide training commensurate with IT systems criticality and level of risk imposed by the untrained user. We did not adopt this recommendation because this issue is addressed in the Act and covered in 5 CFR § 903.301(b) through (d). We have incorporated the agency's suggestion to change NIST “policy” to NIST “guidelines” throughout the regulation. The agency comment that NIST guidance is based on roles and responsibilities and not position titles, as indicated in the regulation, does not require a change. The regulation requires role-specific training. Identification of employees performing these roles by position title is illustrative only and does not differ from the role-specific training basis of NIST guidance. Another agency suggested that the requirement to provide IT awareness material/exposure training to all new employees “within 60-days of their appointment” be changed to “prior to the employee's use of IT systems.” We concur and have changed the text pursuant to OMB Circular A-130, appendix III, part A, subsection A. Waiver of 30-day delay in effectiveness Pursuant to 5 U.S.C. 553(d)(3), good cause exists to waive the delay in effective date and make these regulations effective in less than 30 days. The delay in the effective date is being waived because the program changes do not mandate substantive change but will provide users more timely access to the most current applicable definitions and guidelines for information technology security awareness training. E.O. 12866, Regulatory Review This rule has been reviewed by the Office of Management and Budget in accordance with E.O. 12866. Regulatory Flexibility Act I certify that these regulations would not have a significant economic impact on a substantial number of small entities because they would apply only to Federal personnel including contractors and other users of information systems that support the operations and assets of the agency. List of Subjects in 5 CFR part 930 Administrative practice and procedure; Computer technology; Government employees; Motor vehicles. Office of Personnel Management. Kay Coles James, Director. Accordingly, OPM revises 5 CFR part 930, subpart C, as follows: PART 930—PROGRAMS FOR SPECIFIC POSITIONS AND EXAMINATIONS (MISCELLANEOUS) 1. Subpart C is revised to read as follows: Subpart C—Information Security Responsibilities for Employees who Manage or Use Federal Information Systems Authority: 5 U.S.C. 4118; Pub. L. 107-347, 116 Stat. 2899 §930.301 Information systems security awareness training program. Each Executive Agency must develop a plan for Federal information systems security awareness and training and
(a)Identify employees with significant information security responsibilities and provide role-specific training in accordance with National Institute of Standards and Technology
(NIST)standards and guidance available on the NIST Web site, *http://csrc.nist.gov/publications/nistpubs/,* as follows:
(1)All users of Federal information systems must be exposed to security awareness materials at least annually. Users of Federal information systems include employees, contractors, students, guest researchers, visitors, and others who may need access to Federal information systems and applications.
(2)Executives must receive training in information security basics and policy level training in security planning and management.
(3)Program and functional managers must receive training in information security basics; management and implementation level training in security planning and system/application security management; and management and implementation level training in system/application life cycle management, risk management, and contingency planning.
(4)Chief Information Officers (CIOs), IT security program managers, auditors, and other security-oriented personnel (e.g., system and network administrators, and system/application security officers) must receive training in information security basics and broad training in security planning, system and application security management, system/application life cycle management, risk management, and contingency planning.
(5)IT function management and operations personnel must receive training in information security basics; management and implementation level training in security planning and system/application security management; and management and implementation level training in system/application life cycle management, risk management, and contingency planning.
(b)Provide the Federal information systems security awareness material/exposure outlined in NIST guidance on IT security awareness and training to all new employees before allowing them access to the systems.
(c)Provide information systems security refresher training for agency employees as frequently as determined necessary by the agency, based on the sensitivity of the information that the employees use or process.
(d)Provide training whenever there is a significant change in the agency information system environment or procedures or when an employee enters a new position that requires additional role-specific training. [FR Doc. 04-13319 Filed 6-10-04; 8:45 am]
Connectionstraces to 2
Traces to 2 documents
U.S. Code
9 references not yet in our index
- 5 CFR 930
- Pub. L. 107-347
- 116 Stat. 2948
- 116 Stat. 2899
- Pub. L. 100-235
- 101 Stat. 1724
- 116 Stat. 2951
- 5 CFR 903.301(a)(1)
- 5 CFR 903.301(b)
Citation graph
cites case law
Unknown
Final rule
Cite5 CFR 930
Pub. L.Pub. L. 107-347
Stat.116 Stat. 2948
Stat.116 Stat. 2899
Pub. L.Pub. L. 100-235
Cites 11 · showing 7Cited by 0 across 0 sources