Information Collection Request

Department of Veterans Affairs Acquisition Regulation (VAAR)—Information Security and Privacy Contract Clauses

ICR 202511-2900-002 · OMB 2900-0895 · Active

Forms and Documents

Document	Type	Status	Availability
Published 30-Day FRN - 91 FR 14636.pdf	Supplementary Document	Uploaded 2026-03-25	Repair queued
Published 30-Day FRN - 91 FR 14636.pdf	Supplementary Document	Uploaded 2026-03-25	Available
2900-0895 - Public Comment received 11Mar2026 and VA Response - 2026 03 12.pdf	Public Comments	Uploaded 2026-03-11	Available
Published 60-day FRN - 91 FR 2276.pdf	Supplementary Document	Uploaded 2026-01-16	Repair queued
Published 60-day FRN - 91 FR 2276.pdf	Supplementary Document	Uploaded 2026-01-16	Available
2900-0895 SS for 30-Day - 2026 03 25.docx	Supporting Statement A	Uploaded 2026-03-25	Repair queued
2900-0895 SS for 30-Day - 2026 03 25.docx	Supporting Statement A	Uploaded 2026-03-25	Available

IC Document Collections

IC ID	Collection	Type	Status	Form
239190	Part 839 Three Clauses	Instruction	Unchanged

ICR Details

OMB Control No: 2900-0895	ICR Reference No: 202511-2900-002
Status: Active	Previous ICR Reference No: 202301-2900-013
Agency/Subagency: VA	Agency Tracking No: PPS - 5
Title: Department of Veterans Affairs Acquisition Regulation (VAAR)âInformation Security and Privacy Contract Clauses
Type of Information Collection: Revision of a currently approved collection	Common Form ICR: No
Type of Review Request: Regular
OIRA Conclusion Action: Approved without change	Conclusion Date: 05/04/2026
Retrieve Notice of Action (NOA)	Date Received in OIRA: 03/25/2026
Terms of Clearance:

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	05/31/2029	36 Months From Approved	05/31/2026
Responses	15,384	0	15,384
Time Burden (Hours)	4,815	0	4,815
Cost Burden (Dollars)	0	0	0

Abstract: VA uses three Department of Veterans Affairs Acquisition Regulation (VAAR) contract clauses to ensure security when a contractor has access to VA information or information systems, as follows: â¢ Clause 852.239-70, Security Requirements for Information Technology Resources, is required in all solicitations, contracts and orders exceeding the micro-purchase threshold that include information technology services. This clause requires the contractor to be responsible for information technology security for all systems connected to a VA network or operated by the contractor for VA, regardless of location. â¢ Clause 852.239-72, Information System Design and Development, is required in all solicitations, contracts, orders and agreements where services to perform information system design and development are required. â¢ Clause 852.239-73, Information System Hosting, Operation, Maintenance, or Use, is required in all solicitations, contracts, orders and agreements where services to perform information system hosting, operation, or maintenance are required. Clauses 852.239-72 and 852.239-73 are intended to protect VA sensitive information and information technology by requiring contractor and subcontractor personnel to be subject to the same Federal laws, regulations, standards, and VA directives and handbooks as VA and VA personnel regarding information and information system security. This revision changes the title from âDepartment of Veterans Affairs Acquisition Regulation Clause 852.239-70, VA Information and Information System Security and Privacyâ to âDepartment of Veterans Affairs Acquisition Regulation (VAAR)âInformation Security and Privacy Contract Clausesâ. The previous title implied that this OMB Control Number covered a single clause instead of multiple clauses. The title change is the only revision to the currently approved collection.

Authorizing Statute(s): PL: Pub.L. 113 - 283 2521 Name of Law: Federal Information Security Modernization Act of 2014

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
60-day Notice:	Federal Register Citation:	Citation Date:
	91 FR 2276	01/16/2026
30-day Notice:	Federal Register Citation:	Citation Date:
	91 FR 14636	03/25/2026
Did the Agency receive public comments on this ICR? Yes

Number of Information Collection (IC) in this ICR: 1

IC Title	Form No.	Form Name
Part 839 Three Clauses

ICR Summary of Burden

	Total Approved	Previously Approved
Annual Number of Responses	15,384	15,384
Annual Time Burden (Hours)	4,815	4,815
Annual Cost Burden (Dollars)	0	0

Burden increases because of Program Change due to Agency Discretion: No

Burden Increase Due to:

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement:

Annual Cost to Federal Government: $227,268

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination. No

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination. Yes

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? No

Agency Contact: Forrest Browne 202 714-6863 [email protected]

Common Form ICR: No