OMB.report

Federal forms, ICRs, and supporting documents

Information Collection Request

Department of Veterans Affairs Acquisition Regulation (VAAR) Contract Clause—Information and Information Systems Security

ICR 202511-2900-003 · OMB 2900-0900 · Active

Forms and Documents
DocumentTypeStatusAvailability
2900-0900 SS for 30-Day - 2026 03 19.docx Supporting Statement A Uploaded 2026-03-19 Repair queued
2900-0900 SS for 30-Day - 2026 03 19.docx Supporting Statement A Uploaded 2026-03-19 Available
Published 30-Day FRN - 91 FR 13407 - Thurs 03March2026.pdf Supplementary Document Uploaded 2026-03-19 Repair queued
Published 30-Day FRN - 91 FR 13407 - Thurs 03March2026.pdf Supplementary Document Uploaded 2026-03-19 Available
Published 60-Day FRN - 91 FR 330 - Mon 05Jan2026.pdf Supplementary Document Uploaded 2026-01-07 Repair queued
Published 60-Day FRN - 91 FR 330 - Mon 05Jan2026.pdf Supplementary Document Uploaded 2026-01-07 Available
IC Document Collections
IC IDCollectionTypeStatusForm
250436 Department of Veterans Affairs Acquisition Regulation (VAAR) Contract Clause-Information and Information Systems Security Instruction Modified
ICR Details
2900-0900 202511-2900-003
Active 202301-2900-014
VA PPS - 6
Department of Veterans Affairs Acquisition Regulation (VAAR) Contract Clause—Information and Information Systems Security
Revision of a currently approved collection   No
Regular
Approved without change 05/04/2026
Retrieve Notice of Action (NOA) 03/20/2026
  Inventory as of this Action Requested Previously Approved
05/31/2029 36 Months From Approved 05/31/2026
8,223 0 8,223
4,069 0 4,069
0 0 0
Under Public Law 113-283, Federal Information Security Modernization Act of 2014, each agency of the Federal Government must provide security for the information and information systems that support the operations and assets of the agency. To comply with Public Law 113-283, VA developed VAAR clause, 852.204-71, Information and Information System Security, and section 804.1970, Information security policy—contractor general responsibilities. The clause and the section apply to contractors with access to VA information or information systems. Among other things, the clause and section require a contractor to report a known or suspected security/privacy incident or data breach related to VA information or information systems. The clause also requires a contractor to notify VA when a contractor employee has been reassigned or terminated and no longer needs access to a VA information system.
PL: Pub.L. 113 - 283 2521 Name of Law: Federal Information Security Modernization Act of 2014
  
None
Not associated with rulemaking
  91 FR 330 01/05/2026
91 FR 13407 03/19/2026
No
  Total Approved Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 8,223 8,223 0 0 0 0
Annual Time Burden (Hours) 4,069 4,069 0 0 0 0
Annual Cost Burden (Dollars) 0 0 0 0 0 0
No
No
$192,057
No
    No
    No
No
No
No
No
Forrest Browne 202 714-6863 [email protected]
  No
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
 
 
 
 
 
 
 
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
 
 
 
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
03/20/2026