83 FR 56824 - Developing a Privacy Framework

DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

Federal Register Volume 83, Issue 220 (November 14, 2018)

Page Range: 56824-56827
FR Document: 2018-24714


[Federal Register Volume 83, Number 220 (Wednesday, November 14, 2018)]
[Notices]
[Pages 56824-56827]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-24714]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket Number 181101997-8997-01]


Developing a Privacy Framework

AGENCY: National Institute of Standards and Technology, U.S. Department 
of Commerce.

ACTION: Notice; request for information (RFI).

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) is 
developing a framework that can be used to improve organizations' 
management of privacy risk for individuals arising from the collection, 
storage, use, and sharing of their information.\1\ The NIST Privacy 
Framework: An Enterprise Risk Management Tool (``Privacy Framework''), 
is intended for voluntary use and is envisioned to consist of outcomes 
and approaches that align policy, business, technological, and legal 
approaches to improve organizations' management of processes for 
incorporating privacy protections into products and services. This 
notice requests information to help identify, understand, refine, and 
guide development of the Privacy Framework. The Privacy Framework will 
be developed through a consensus-driven, open, and collaborative 
process that will include workshops and other opportunities to provide 
input.
---------------------------------------------------------------------------

    \1\ While NIST requests information about how organizations 
define privacy risk in topic #3 below, for the purposes of this RFI, 
NIST references the privacy risk model set forth in NISTIR 8062, An 
Introduction to Privacy Engineering and Risk Management in Federal 
Systems at https://csrc.nist.gov/publications/detail/nistir/8062/final, which analyzes the problems that individuals might experience 
as a result of the processing of their information, and the impact 
if they were to occur.

---------------------------------------------------------------------------

DATES: Comments in response to this notice must be received by 5:00 
p.m. Eastern time on December 31, 2018.

ADDRESSES: Written comments may be submitted by mail to Katie 
MacFarland, National Institute of Standards and Technology, 100 Bureau 
Drive, Stop 2000, Gaithersburg, MD 20899. Electronic submissions may be 
sent to privacyframework@nist.gov, and may be in any of the following 
formats: HTML, ASCII, Word, RTF, or PDF. Please cite ``Developing a 
Privacy Framework'' in all correspondence. Comments received by the 
deadline will be posted at http://www.nist.gov/privacyframework without 
change or redaction, so commenters should not include information they 
do not wish to be posted (e.g., personal or confidential business 
information). Comments that contain profanity, vulgarity, threats, or 
other inappropriate language or content will not be posted or 
considered.

FOR FURTHER INFORMATION CONTACT: For questions about this RFI contact: 
Naomi Lefkovitz, U.S. Department of Commerce, NIST, MS 2000, 100 Bureau 
Drive, Gaithersburg, MD 20899, telephone (301) 975-2924, email 
privacyframework@nist.gov. Please direct media inquiries to NIST's 
Public Affairs Office at (301) 975-NIST.

SUPPLEMENTARY INFORMATION: 

Genesis for the Privacy Framework's Development

    It is a challenge to design, operate, or use technologies in ways 
that are mindful of diverse privacy needs in an increasingly connected 
and complex environment. Current and cutting-edge technologies such as 
mobile devices, social media, the Internet of Things and artificial 
intelligence are giving rise to increased concerns about their impacts 
on individuals' privacy. Inside and outside the U.S., there are 
multiple visions for how to address these concerns. Accordingly, the 
U.S. Department of Commerce (DOC) is developing a forward-thinking 
approach that supports both business innovation and strong privacy 
protections. As part of this effort, NIST is developing a voluntary 
Privacy Framework to help organizations: better identify, assess, 
manage, and communicate privacy risks; foster the development of 
innovative approaches to protecting individuals' privacy; and increase 
trust in products and services.\2\ The Privacy Framework is intended to 
be a tool that would assist with enterprise risk management.
---------------------------------------------------------------------------

    \2\ In parallel with this effort, the DOC's National 
Telecommunications and Information Administration is developing a 
set of privacy principles in support of a domestic policy approach 
that advances consumer privacy protections while protecting 
prosperity and innovation, in coordination with DOC's International 
Trade Administration to ensure consistency with international policy 
objectives: https://www.ntia.doc.gov/federal-register-notice/2018/request-comments-developing-administration-s-approach-consumer-privacy.
---------------------------------------------------------------------------

Privacy Framework Development and Attributes

    While good cybersecurity practices help manage privacy risk through 
the protection of personally identifiable information (PII),\3\ privacy 
risks also can arise from how organizations collect, store, use, and 
share PII to meet their mission or business objective, as well as how 
individuals interact with products and services. NIST seeks to 
understand whether organizations that design, operate, or use these 
products and services would be better able to address the full scope of 
privacy risk with more tools to support better implementation of 
privacy protections.
---------------------------------------------------------------------------

    \3\ For the purposes of this RFI, NIST is using the definition 
from the Office of Management and Budget Circular A-130. PII is 
defined as ``information that can be used to distinguish or trace an 
individual's identity, either alone or when combined with other 
information that is linked or linkable to a specific individual.''
---------------------------------------------------------------------------

    NIST will develop the Privacy Framework in a manner consistent with 
its mission to promote U.S. innovation and industrial competitiveness, 
and is seeking input from all interested stakeholders. NIST intends for 
the Framework to provide a prioritized, flexible, risk-based, outcome-
based, and cost-effective approach that can be compatible with existing 
legal and regulatory regimes in order to be the most useful to 
organizations and enable widespread adoption. NIST expects that the 
Privacy Framework development process will involve several iterations 
to

[[Page 56825]]

allow for continuing engagement with interested stakeholders. This will 
include interactive workshops, along with other forms of outreach.
    On October 16, 2018, NIST held its first workshop in Austin, Texas 
to launch the framework development process.\4\ NIST heard from 
panelists from industry, civil society and academia, as well as 
audience participants about the needs the Privacy Framework should 
address and some key desired characteristics. As a consequence, NIST 
believes that in order to be effective, the Privacy Framework should 
have the following minimum attributes:
---------------------------------------------------------------------------

    \4\ https://www.nist.gov/news-events/events/2018/10/kicking-nist-privacy-framework-workshop-1.
---------------------------------------------------------------------------

    1. Consensus-driven and developed and updated through an open, 
transparent process. All stakeholders should have the opportunity to 
contribute to the Privacy Framework's development. NIST has a long 
track record of successfully and collaboratively working with 
stakeholders to develop guidelines and standards. NIST will model the 
approach for the Privacy Framework on the successful, open, 
transparent, and collaborative approach used to develop the Framework 
for Improving Critical Infrastructure Cybersecurity (``Cybersecurity 
Framework'').\5\
---------------------------------------------------------------------------

    \5\ https://www.nist.gov/cyberframework/framework.
---------------------------------------------------------------------------

    2. Common and accessible language. The Privacy Framework should be 
understandable by a broad audience, including senior executives and 
those who are not privacy professionals. The Privacy Framework can then 
facilitate communications among various stakeholders by promoting use 
of this common language.
    3. Adaptable to many different organizations, technologies, 
lifecycle phases, sectors, and uses. The Privacy Framework should be 
scalable to organizations of all sizes, public or private, in any 
sector, and operating within or across domestic borders. It should be 
platform- and technology-agnostic and customizable.
    4. Risk-based, outcome-based, voluntary, and non-prescriptive. The 
Privacy Framework should provide a catalog of privacy outcomes and 
approaches to be used voluntarily, rather than a set of one-size-fits-
all requirements, in order to: Foster innovation in products and 
services; inform education and workforce development; and promote 
research on and adoption of effective privacy solutions. The Privacy 
Framework should assist organizations to better manage privacy risks 
within their diverse environments without prescribing the methods for 
managing privacy risk.
    5. Readily usable as part of any enterprise's broader risk 
management strategy and processes. The Privacy Framework should be 
consistent with, or reinforce, other risk management efforts within the 
enterprise, recognizing that privacy is one of several major areas of 
risk that an organization needs to manage.
    6. Compatible with or may be paired with other privacy approaches. 
The Privacy Framework should take advantage of existing privacy 
standards, methodologies, and guidance. It should be compatible with 
and support organizations' ability to operate under applicable domestic 
and international legal or regulatory regimes.
    7. A living document. The Privacy Framework should be updated as 
technology and approaches to privacy protection change and as 
stakeholders learn from implementation.
    Although the goal of the Privacy Framework is to help organizations 
better identify, assess, manage, and communicate privacy risks, NIST 
expects there may be aspects of privacy practices that are not 
sufficiently developed for inclusion in the Privacy Framework. When 
developing the Cybersecurity Framework, NIST produced a related roadmap 
that identified focus areas that still needed more research and 
understanding before they were mature enough for widespread adoption, 
but that could potentially inform future revisions of the Cybersecurity 
Framework. With respect to the Privacy Framework, NIST anticipates that 
a roadmap may be needed for similar reasons.
    As noted below, NIST solicits comments on the desired attributes of 
a Privacy Framework, as well as high-priority gaps in organizations' 
ability to manage privacy risk, as part of this RFI.

Goals of This Request for Information

    Based upon discussions that took place during the October 16, 2018 
workshop, this RFI seeks further information about the topics discussed 
by stakeholders, as elaborated in the sections below. The RFI invites 
stakeholders to submit ideas, based on their experience as well as 
their mission and business needs, to assist in prioritizing elements 
and development of the Privacy Framework. NIST invites industry, civil 
society groups, academic institutions, Federal agencies, state, local, 
territorial, tribal, and foreign governments, standard-setting 
organizations, and other interested stakeholders to respond.
    The goals of the Privacy Framework development process, generally, 
and this RFI, specifically, are:
    (i) To better understand common privacy challenges in the design, 
operation, and use of products and services that might be addressed 
through a voluntary Privacy Framework,
    (ii) to gain a greater awareness about the extent to which 
organizations are identifying and communicating privacy risk or have 
incorporated privacy risk management standards, guidelines, and best 
practices into their policies and practices; and
    (iii) to specify high-priority gaps for which privacy guidelines, 
best practices, and new or revised standards are needed and that could 
be addressed by the Privacy Framework or a related roadmap.

Details About Responses to This Request for Information

    When addressing the topics below, commenters may address the 
practices of their organization or a group of organizations with which 
they are familiar. If desired, commenters may provide information about 
the type, size, and location of the organization(s). Provision of such 
information is optional and will not affect NIST's full consideration 
of the comment.
    Comments containing references, studies, research, and other 
empirical data that are not widely published (e.g., available on the 
internet) should include copies of or electronic links to the 
referenced materials. Beyond that, responses should not include 
additional information. Do not include in comments or otherwise submit 
information deemed to be proprietary, private, or in any way 
confidential, as all comments relevant to this RFI topic area that are 
received by the deadline will be made available publicly at http://www.nist.gov/privacyframework.

Request for Information

    The following list of topics covers the major areas about which 
NIST seeks information. The listed areas are not intended to limit the 
topics that may be addressed by respondents so long as they address 
privacy and how a useful Privacy Framework might be developed. 
Responses may include any topic believed to have implications for the 
development of the Privacy Framework, regardless of whether the topic 
is included in this document.

Risk Management

    NIST solicits information about how organizations assess risk; how 
privacy

[[Page 56826]]

considerations factor into that risk assessment; the current usage of 
existing privacy standards, frameworks, models, methodologies, tools, 
guidelines, and principles; and other risk management practices related 
to privacy. In addition, NIST is interested in understanding whether 
particular frameworks, standards, guidelines, and/or best practices are 
mandated by legal or regulatory requirements and the challenges 
organizations perceive in meeting such requirements. This will assist 
in achieving NIST's goal of developing a framework that includes and 
identifies common practices across contexts and environments and is 
structured to help organizations achieve positive privacy outcomes. 
Accordingly, NIST is requesting information related to the following 
topics:

Organizational Considerations

    1. The greatest challenges in improving organizations' privacy 
protections for individuals;
    2. The greatest challenges in developing a cross-sector standards-
based framework for privacy;
    3. How organizations define and assess risk generally, and privacy 
risk specifically;
    4. The extent to which privacy risk is incorporated into different 
organizations' overarching enterprise risk management;
    5. Current policies and procedures for managing privacy risk;
    6. How senior management communicates and oversees policies and 
procedures for managing privacy risk;
    7. Formal processes within organizations to address privacy risks 
that suddenly increase in severity;
    8. The minimum set of attributes desired for the Privacy Framework, 
as described in the Privacy Framework Development and Attributes 
section of this RFI, and whether any attributes should be added, 
removed or clarified;
    9. What an outcome-based approach to privacy would look like;
    10. What standards, frameworks, models, methodologies, tools, 
guidelines and best practices, and principles organizations are aware 
of or using to identify, assess, manage, and communicate privacy risk 
at the management, operational, and technical levels, and whether any 
of them currently meet the minimum attributes described above;
    11. How current regulatory or regulatory reporting requirements 
(e.g., local, state, national, international) relate to the use of 
standards, frameworks, models, methodologies, tools, guidelines and 
best practices, and principles;
    12. Any mandates to use specific standards, frameworks, models, 
methodologies, tools, guidelines and best practices, and principles or 
conflicts between requirements and desired practices;
    13. The role(s) national/international standards and organizations 
that develop national/international standards play or should play in 
providing confidence mechanisms for privacy standards, frameworks, 
models, methodologies, tools, guidelines, and principles;
    14. The international implications of a Privacy Framework on global 
business or in policymaking in other countries; and
    15. How the Privacy Framework could be developed to advance the 
recruitment, hiring, development, and retention of a knowledgeable and 
skilled workforce necessary to perform privacy functions within 
organizations.

Structuring the Privacy Framework

    NIST is interested in understanding how to structure the Privacy 
Framework to achieve the desired set of attributes and improve 
integration of privacy risk management processes with the 
organizational processes for developing products and services for 
better privacy outcomes. NIST is seeking any input from the public 
regarding options for structuring the Privacy Framework, and is 
particularly interested in receiving comment on the following issues, 
if applicable:
    16. Please describe how your organization currently manages privacy 
risk. For example, do you structure your program around the information 
life cycle (i.e., the different stages--from collection to disposal--
through which PII is processed), around principles such as the fair 
information practice principles (FIPPs), or by some other construct?
    17. Whether any aspects of the Cybersecurity Framework could be a 
model for this Privacy Framework, and what is the relationship between 
the two frameworks.
    18. Please describe your preferred organizational construct for the 
Privacy Framework. For example, would you like to see a Privacy 
Framework that is structured around:
    a. The information life cycle;
    b. Principles such as FIPPs;
    c. The NIST privacy engineering objectives of predictability, 
manageability, and disassociability \6\ or other objectives;
---------------------------------------------------------------------------

    \6\ NISTIR 8062, An Introduction to Privacy Engineering and Risk 
Management in Federal Systems at https://csrc.nist.gov/publications/detail/nistir/8062/final.
---------------------------------------------------------------------------

    d. Use cases or design patterns;
    e. A construct similar to the Cybersecurity Framework functions, 
categories, and subcategories; or
    f. Other organizing constructs?
    Please elaborate on the benefits or challenges of your preferred 
approach with respect to integration with organizational processes for 
managing enterprise risk and developing products or services. If you 
provided information about topic 10 above, please identify any 
supporting examples of standards, frameworks, models, methodologies, 
tools, guidelines and best practices, and principles.

Specific Privacy Practices

    In addition to the approaches above, NIST is interested in 
identifying core privacy practices that are broadly applicable across 
sectors and organizations. NIST is interested in information on the 
degree of adoption of the following practices regarding products and 
services:
    [bull] De-identification;
    [bull] Enabling users to have a reliable understanding about how 
information is being collected, stored, used, and shared;
    [bull] Enabling user preferences;
    [bull] Setting default privacy configurations;
    [bull] Use of cryptographic technology to achieve privacy 
outcomes--for example, the disassociability privacy engineering 
objective;
    [bull] Data management, including:
    [cir] Tracking permissions or other types of data tracking tools,
    [cir] Metadata,
    [cir] Machine readability,
    [cir] Data correction and deletion; and
    [bull] Usable design or requirements.
    19. Whether the practices listed above are widely used by 
organizations;
    20. Whether, in addition to the practices noted above, there are 
other practices that should be considered for inclusion in the Privacy 
Framework;
    21. How the practices listed above or other proposed practices 
relate to existing international standards and best practices;
    22. Which of these practices you see as being the most critical for 
protecting individuals' privacy;
    23. Whether some of these practices are inapplicable for particular 
sectors or environments;
    24. Which of these practices pose the most significant 
implementation challenge, and whether the challenges vary by technology 
or other factors such as size or workforce capability of the 
organization;

[[Page 56827]]

    25. Whether these practices are relevant for new technologies like 
the Internet of Things and artificial intelligence; and
    26. How standards or guidelines are utilized by organizations in 
implementing these practices.

    Authority:  15 U.S.C. 272(b), (c), & (e); 15 U.S.C. 278g-3.

Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2018-24714 Filed 11-13-18; 8:45 am]
 BILLING CODE 3510-13-P
                                                             artificial intelligence are giving rise to
     organizations define privacy risk in topic #3 below,                                                          definition from the Office of Management and
     for the purposes of this RFI, NIST references the       increased concerns about their impacts                Budget Circular A–130. PII is defined as
     privacy risk model set forth in NISTIR 8062, An                                                               ‘‘information that can be used to distinguish or
     Introduction to Privacy Engineering and Risk            which analyzes the problems that individuals might    trace an individual’s identity, either alone or when
     Management in Federal Systems at https://               experience as a result of the processing of their     combined with other information that is linked or
     csrc.nist.gov/publications/detail/nistir/8062/final,    information, and the impact if they were to occur.    linkable to a specific individual.’’





                             Federal Register / Vol. 83, No. 220 / Wednesday, November 14, 2018 / Notices                                            56825

allow for continuing engagement with interested stakeholders. This will include interactive workshops, along with other forms of outreach.
    On October 16, 2018, NIST held its first workshop in Austin, Texas to launch the framework development process.\4\ NIST heard from panelists from industry, civil society and academia, as well as audience participants about the needs the Privacy Framework should address and some key desired characteristics. As a consequence, NIST believes that in order to be effective, the Privacy Framework should have the following minimum attributes:
    1. Consensus-driven and developed and updated through an open, transparent process. All stakeholders should have the opportunity to contribute to the Privacy Framework's development. NIST has a long track record of successfully and collaboratively working with stakeholders to develop guidelines and standards. NIST will model the approach for the Privacy Framework on the successful, open, transparent, and collaborative approach used to develop the Framework for Improving Critical Infrastructure Cybersecurity (``Cybersecurity Framework'').\5\
    2. Common and accessible language. The Privacy Framework should be understandable by a broad audience, including senior executives and those who are not privacy professionals. The Privacy Framework can then facilitate communications among various stakeholders by promoting use of this common language.
    3. Adaptable to many different organizations, technologies, lifecycle phases, sectors, and uses. The Privacy Framework should be scalable to organizations of all sizes, public or private, in any sector, and operating within or across domestic borders. It should be platform- and technology-agnostic and customizable.
    4. Risk-based, outcome-based, voluntary, and non-prescriptive. The Privacy Framework should provide a catalog of privacy outcomes and approaches to be used voluntarily, rather than a set of one-size-fits-all requirements, in order to: Foster innovation in products and services; inform education and workforce development; and promote research on and adoption of effective privacy solutions. The Privacy Framework should assist organizations to better manage privacy risks within their diverse environments without prescribing the methods for managing privacy risk.
    5. Readily usable as part of any enterprise's broader risk management strategy and processes. The Privacy Framework should be consistent with, or reinforce, other risk management efforts within the enterprise, recognizing that privacy is one of several major areas of risk that an organization needs to manage.
    6. Compatible with or may be paired with other privacy approaches. The Privacy Framework should take advantage of existing privacy standards, methodologies, and guidance. It should be compatible with and support organizations' ability to operate under applicable domestic and international legal or regulatory regimes.
    7. A living document. The Privacy Framework should be updated as technology and approaches to privacy protection change and as stakeholders learn from implementation.
    Although the goal of the Privacy Framework is to help organizations better identify, assess, manage, and communicate privacy risks, NIST expects there may be aspects of privacy practices that are not sufficiently developed for inclusion in the Privacy Framework. When developing the Cybersecurity Framework, NIST produced a related roadmap that identified focus areas that still needed more research and understanding before they were mature enough for widespread adoption, but that could potentially inform future revisions of the Cybersecurity Framework. With respect to the Privacy Framework, NIST anticipates that a roadmap may be needed for similar reasons.
    As noted below, NIST solicits comments on the desired attributes of a Privacy Framework, as well as high-priority gaps in organizations' ability to manage privacy risk, as part of this RFI.

Goals of This Request for Information

    Based upon discussions that took place during the October 16, 2018 workshop, this RFI seeks further information about the topics discussed by stakeholders, as elaborated in the sections below. The RFI invites stakeholders to submit ideas, based on their experience as well as their mission and business needs, to assist in prioritizing elements and development of the Privacy Framework. NIST invites industry, civil society groups, academic institutions, Federal agencies, state, local, territorial, tribal, and foreign governments, standard-setting organizations, and other interested stakeholders to respond.
    The goals of the Privacy Framework development process, generally, and this RFI, specifically, are:
    (i) To better understand common privacy challenges in the design, operation, and use of products and services that might be addressed through a voluntary Privacy Framework,
    (ii) to gain a greater awareness about the extent to which organizations are identifying and communicating privacy risk or have incorporated privacy risk management standards, guidelines, and best practices, into their policies and practices; and
    (iii) to specify high-priority gaps for which privacy guidelines, best practices, and new or revised standards are needed and that could be addressed by the Privacy Framework or a related roadmap.

Details About Responses to This Request for Information

    When addressing the topics below, commenters may address the practices of their organization or a group of organizations with which they are familiar. If desired, commenters may provide information about the type, size, and location of the organization(s). Provision of such information is optional and will not affect NIST's full consideration of the comment.
    Comments containing references, studies, research, and other empirical data that are not widely published (e.g., available on the internet) should include copies of or electronic links to the referenced materials. Beyond that, responses should not include additional information. Do not include in comments or otherwise submit information deemed to be proprietary, private, or in any way confidential, as all comments relevant to this RFI topic area that are received by the deadline will be made available publicly at http://www.nist.gov/privacyframework.

Request for Information

    The following list of topics covers the major areas about which NIST seeks information. The listed areas are not intended to limit the topics that may be addressed by respondents so long as they address privacy and how a useful Privacy Framework might be developed. Responses may include any topic believed to have implications for the development of the Privacy Framework, regardless of whether the topic is included in this document.

Risk Management

    NIST solicits information about how organizations assess risk; how privacy

    \4\ https://www.nist.gov/news-events/events/2018/10/kicking-nist-privacy-framework-workshop-1.
    \5\ https://www.nist.gov/cyberframework/framework.




     56826                   Federal Register / Vol. 83, No. 220 / Wednesday, November 14, 2018 / Notices

considerations factor into that risk assessment; the current usage of existing privacy standards, frameworks, models, methodologies, tools, guidelines, and principles; and other risk management practices related to privacy. In addition, NIST is interested in understanding whether particular frameworks, standards, guidelines, and/or best practices are mandated by legal or regulatory requirements and the challenges organizations perceive in meeting such requirements. This will assist in achieving NIST's goal of developing a framework that includes and identifies common practices across contexts and environments and is structured to help organizations achieve positive privacy outcomes. Accordingly, NIST is requesting information related to the following topics:

Organizational Considerations

    1. The greatest challenges in improving organizations' privacy protections for individuals;
    2. The greatest challenges in developing a cross-sector standards-based framework for privacy;
    3. How organizations define and assess risk generally, and privacy risk specifically;
    4. The extent to which privacy risk is incorporated into different organizations' overarching enterprise risk management;
    5. Current policies and procedures for managing privacy risk;
    6. How senior management communicates and oversees policies and procedures for managing privacy risk;
    7. Formal processes within organizations to address privacy risks that suddenly increase in severity;
    8. The minimum set of attributes desired for the Privacy Framework, as described in the Privacy Framework Development and Attributes section of this RFI, and whether any attributes should be added, removed or clarified;
    9. What an outcome-based approach to privacy would look like;
    10. What standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles organizations are aware of or using to identify, assess, manage, and communicate privacy risk at the management, operational, and technical levels, and whether any of them currently meet the minimum attributes described above;
    11. How current regulatory or regulatory reporting requirements (e.g., local, state, national, international) relate to the use of standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles;
    12. Any mandates to use specific standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles or conflicts between requirements and desired practices;
    13. The role(s) national/international standards and organizations that develop national/international standards play or should play in providing confidence mechanisms for privacy standards, frameworks, models, methodologies, tools, guidelines, and principles;
    14. The international implications of a Privacy Framework on global business or in policymaking in other countries; and
    15. How the Privacy Framework could be developed to advance the recruitment, hiring, development, and retention of a knowledgeable and skilled workforce necessary to perform privacy functions within organizations.

Structuring the Privacy Framework

    NIST is interested in understanding how to structure the Privacy Framework to achieve the desired set of attributes and improve integration of privacy risk management processes with the organizational processes for developing products and services for better privacy outcomes. NIST is seeking any input from the public regarding options for structuring the Privacy Framework, and is particularly interested in receiving comment on the following issues, if applicable:
    16. Please describe how your organization currently manages privacy risk. For example, do you structure your program around the information life cycle (i.e., the different stages—from collection to disposal—through which PII is processed), around principles such as the fair information practice principles (FIPPs), or by some other construct?
    17. Whether any aspects of the Cybersecurity Framework could be a model for this Privacy Framework, and what is the relationship between the two frameworks.
    18. Please describe your preferred organizational construct for the Privacy Framework. For example, would you like to see a Privacy Framework that is structured around:
    a. The information life cycle;
    b. Principles such as FIPPs;
    c. The NIST privacy engineering objectives of predictability, manageability, and disassociability \6\ or other objectives;
    d. Use cases or design patterns;
    e. A construct similar to the Cybersecurity Framework functions, categories, and subcategories; or
    f. Other organizing constructs?
    Please elaborate on the benefits or challenges of your preferred approach with respect to integration with organizational processes for managing enterprise risk and developing products or services. If you provided information about topic 10 above, please identify any supporting examples of standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles.

Specific Privacy Practices

    In addition to the approaches above, NIST is interested in identifying core privacy practices that are broadly applicable across sectors and organizations. NIST is interested in information on the degree of adoption of the following practices regarding products and services:
    • De-identification;
    • Enabling users to have a reliable understanding about how information is being collected, stored, used, and shared;
    • Enabling user preferences;
    • Setting default privacy configurations;
    • Use of cryptographic technology to achieve privacy outcomes—for example, the disassociability privacy engineering objective;
    • Data management, including:
    ○ Tracking permissions or other types of data tracking tools,
    ○ Metadata,
    ○ Machine readability,
    ○ Data correction and deletion; and
    • Usable design or requirements.
    19. Whether the practices listed above are widely used by organizations;
    20. Whether, in addition to the practices noted above, there are other practices that should be considered for inclusion in the Privacy Framework;
    21. How the practices listed above or other proposed practices relate to existing international standards and best practices;
    22. Which of these practices you see as being the most critical for protecting individuals' privacy;
    23. Whether some of these practices are inapplicable for particular sectors or environments;
    24. Which of these practices pose the most significant implementation challenge, and whether the challenges vary by technology or other factors such as size or workforce capability of the organization;

    \6\ NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems at https://csrc.nist.gov/publications/detail/nistir/8062/final.





                              Federal Register / Vol. 83, No. 220 / Wednesday, November 14, 2018 / Notices                                                56827

    25. Whether these practices are relevant for new technologies like the Internet of Things and artificial intelligence; and
    26. How standards or guidelines are utilized by organizations in implementing these practices.

    Authority: 15 U.S.C. 272(b), (c), & (e); 15 U.S.C. 278g-3.

Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2018-24714 Filed 11-13-18; 8:45 am]
BILLING CODE 3510-13-P


DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

Proposed Voluntary Product Standard 2-10, Performance Standard for Wood-Based Structural-Use Panels

AGENCY: National Institute of Standards and Technology (NIST), Commerce.

ACTION: Notice and request for comments.

SUMMARY: The National Institute of Standards and Technology (NIST) is soliciting public comment on a proposed revision to Voluntary Product Standard (PS) 2-10, Performance Standard for Wood-Based Structural-Use Panels. The standard, prepared by the Standing Committee for PS 2, establishes requirements for those who choose to adhere to the standard, for the structural criteria to assess the acceptability of wood-based structural-use panels for construction sheathing and single-floor applications. It also

20899-2100. Electronic comments may be submitted to david.alderman@nist.gov.

FOR FURTHER INFORMATION CONTACT: David F. Alderman, Standards Coordination Office, National Institute of Standards and Technology, telephone (301) 975-4019; fax: (301) 975-4715, email: david.alderman@nist.gov.

SUPPLEMENTARY INFORMATION: The proposed revision of the standard has been developed and is being processed in accordance with Department of Commerce provisions in 15 CFR part 10, Procedures for the Development of Voluntary Product Standards, as amended (published June 20, 1986). The Standing Committee for PS 2 is responsible for maintaining, revising, and interpreting the standard, and is comprised of producers, distributors, users, and others with an interest in the standard. Committee members voted on the revision, which was approved unanimously. The Committee then submitted a report to NIST along with the voting results and the draft revised standard. NIST has determined that the revised standard should be issued for public comment.
    Voluntary Product Standard PS 2-10 establishes structural criteria for assessing the acceptability of wood-based structural-use panels for construction sheathing and single-floor application and provides a basis for common understanding among the producers, distributors, and the users of these products. After conducting a review of the current standard, PS 2-10, the Standing Committee for PS 2 determined that updates were needed to reflect current industry practices and

record and subject to public disclosure. NIST reserves the right to publish comments publicly, unedited and in their entirety. Sensitive personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Submissions will not be edited to remove any identifying or contact information. Do not submit confidential business information, or otherwise sensitive or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not be considered.
    Written comments should be submitted in accordance with the DATES and ADDRESSES sections of this notice. The Standing Committee for PS 2 and NIST will consider all responsive comments received and may revise the standard accordingly.

    Authority: 15 U.S.C. 272.

Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2018-24713 Filed 11-13-18; 8:45 am]
BILLING CODE 3510-13-P


COMMODITY FUTURES TRADING COMMISSION

Agency Information Collection Activities: Notice of Intent To Renew Collection 3038-0043, Rules Relating To Review of National Futures Association Decisions in Disciplinary, Membership Denial, Registration, and Member Responsibility Actions

AGENCY: Commodity Futures Trading Commission.
     provides a basis for common
                                                             developed the proposed revision to the                ACTION: Notice.
     understanding among the producers,
                                                             standard through meetings to review the
     distributors, and the users of these                                                                          SUMMARY:    The Commodity Futures
                                                             standard and propose needed changes.
     products. Interested parties are invited                                                                      Trading Commission (‘‘CFTC’’) is
                                                                The proposed revision includes the
     to review the proposed standard and                                                                           announcing an opportunity for public
                                                             following changes: Change of title,
     submit comments to NIST.                                                                                      comment on the renewal of a collection
                                                             editorial corrections, new and revised
     DATES: Written comments regarding the                   definitions, updated references, and                  of certain information by the agency.
     proposed revision to PS 2–10 should be                  changes to Section 5 Requirements. A                  Under the Paperwork Reduction Act
     submitted to the Standards Services                     complete list of proposed changes can                 (‘‘PRA’’), Federal agencies are required
     Division, NIST, no later than December                  be found at https://www.nist.gov/                     to publish notice in the Federal Register
     14, 2018.                                               standardsgov/voluntary-product-                       concerning each proposed collection of
     ADDRESSES: An electronic copy (an                       standards-program. All public                         information, including each proposed
     Adobe Acrobat File) of the proposed                     comments will be reviewed and                         extension of an existing collection of
     revision to the standard, PS 2–10, can be               considered.                                           information, and to allow 60 days for
     obtained at the following website:                         Attachments will be accepted in plain              public comment. This notice solicits
     https://www.nist.gov/standardsgov/                      text, Microsoft Word, or Adobe PDF                    comments on rules relating to review of
     voluntary-product-standards-program.                    formats. Comments containing                          National Futures Association decisions
     This site also includes an electronic                   references, studies, research, and other              in disciplinary, membership denial,
     copy of PS 2–10 (the existing standard)                 empirical data that are not widely                    registration, and member responsibility
     and a summary of the significant                        published should include copies or                    actions.
     changes. Written comments on the                        electronic links of the referenced                    DATES: Comments must be submitted on
     proposed revision should be submitted                   materials.                                            or before January 14, 2019.
     to David F. Alderman, Standards                            All submissions, including                         ADDRESSES: You may submit comments,
     Coordination Office, NIST, 100 Bureau                   attachments and other supporting                      identified by ‘‘OMB Control No. 3038–
     Drive, Stop 2100, Gaithersburg, MD                      materials, will become part of the public             0043’’ by any of the following methods:
Category: Regulatory Information
Collection: Federal Register
SuDoc Class: AE 2.7:; GS 4.107:; AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Notice; request for information (RFI).
Dates: Comments in response to this notice must be received by 5:00
Contact: For questions about this RFI contact: Naomi Lefkovitz, U.S. Department of Commerce, NIST, MS 2000, 100 Bureau Drive, Gaithersburg, MD 20899, telephone (301) 975-2924, email [email protected] Please direct media inquiries to NIST's Public Affairs Office at (301) 975-NIST.
FR Citation: 83 FR 56824