The Department of Homeland Security, Stakeholder Engagement & Cyber Infrastructure Resilience Division (SECIR), 60026-60027 [2017-27114]
Download as PDF
<![CDATA[
60026
Federal Register / Vol. 82, No. 241 / Monday, December 18, 2017 / Notices
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Institute of
Child Health and Human Development Initial
Review Group; Population Sciences
Subcommittee.
Date: February 9, 2017.
Time: 8:00 a.m. to 5:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: Residence Inn Bethesda, 7335
Wisconsin Avenue, Bethesda, MD 20814.
Contact Person: Minki Chatterji, Scientific
Review Officer, Scientific Review Branch,
Eunice Kennedy Shriver National Institute of
Child Health and Human Development, NIH,
DHHS, 6710B Rockledge Drive, Rm. 2121D,
Bethesda, MD 20892–7501, 301–827–5435,
minki.chatterji@nih.gov.
Name of Committee: National Institute of
Child Health and Human Development
Special Emphasis Panel; Archiving and
Documenting Child Health and Human
Development Data Sets.
Date: February 9, 2018.
Time: 8:00 a.m. to 5:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: Residence Inn Bethesda, 7335
Wisconsin Avenue, Bethesda, MD 20814.
Contact Person: Minki Chatterji, Scientific
Review Officer, Scientific Review Branch,
Eunice Kennedy Shriver National Institute of
Child Health and Human Development, NIH,
DHHS, 6710B Rockledge Drive, Rm. 2121D,
Bethesda, MD 20892–7501, 301–827–5435,
minki.chatterji@nih.gov.
(Catalogue of Federal Domestic Assistance
Program Nos. 93.864, Population Research;
93.865, Research for Mothers and Children;
93.929, Center for Medical Rehabilitation
Research; 93.209, Contraception and
Infertility Loan Repayment Program, National
Institutes of Health, HHS)
Dated: December 12, 2017.
Michelle Trout,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2017–27129 Filed 12–15–17; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HOMELAND
SECURITY
The Department of Homeland Security,
Stakeholder Engagement & Cyber
Infrastructure Resilience Division
(SECIR)
National Protection and
Programs Directorate (NPPD),
Department of Homeland Security
(DHS).
ACTION: 30-Day notice and request for
comments; new information collection
request: 1670—NEW.
daltland on DSKBBV9HB2PROD with NOTICES
AGENCY:
The DHS NPPD Office of
Cybersecurity and Communications
(CS&C), SECIR, will submit the
SUMMARY:
VerDate Sep<11>2014
17:53 Dec 15, 2017
Jkt 244001
following information collection request
(ICR) to the Office of Management and
Budget (OMB) for review and clearance
in accordance with the Paperwork
Reduction Act of 1995. DHS previously
published this ICR in the Federal
Register on Tuesday, July 18, 2017 at 82
FR 32859 for a 60-day public comment
period. Ten comments from two
commenters were received by DHS. The
purpose of this notice is to allow an
additional 30 days for public comments.
DATES: Comments are encouraged and
will be accepted until January 17, 2018.
This process is conducted in accordance
with 5 CFR part 1320.
ADDRESSES: Interested persons are
invited to submit written comments on
the proposed information collection to
the Office of Information and Regulatory
Affairs, OMB. You may send comments,
identified by the words ‘‘Department of
Homeland Security’’ and ‘‘OMB Control
Number 1670—NEW (IT Sector
Survey)’’, by:
Æ Email: dhsdeskofficer@
omb.eop.gov. Include ‘‘Department of
Homeland Security’’ and ‘‘OMB Control
Number 1670—NEW (IT Sector
Survey)’’ in the subject line of the
message.
Instructions: Comments submitted in
response to this notice may be made
available to the public through relevant
websites. For this reason, please do not
include in your comments information
of a confidential nature, such as
sensitive personal information or
proprietary information. If you send an
email comment, your email address will
be automatically captured and included
as part of the comment that is placed in
the public docket and made available on
the internet. Please note that responses
to this public comment request
containing any routine notice about the
confidentiality of the communication
will be treated as public comments that
may be made available to the public
notwithstanding the inclusion of the
routine notice.
FOR FURTHER INFORMATION CONTACT: For
specific questions related to collection
activities, please contact Reggie
McKinney at 703–705–6277 or at
reggie.mckinney@hq.dhs.gov.
SUPPLEMENTARY INFORMATION: Section
227 of the Homeland Security Act of
2002 authorizes the National
Cybersecurity and Communications
Integration Center (NCCIC) within NPPD
as a ‘‘Federal civilian interface for the
multi-directional and cross-sector
sharing of information related to . . .
cybersecurity risks.’’ 6 U.S.C. 148(c)(1).
This authority applies to Federal and
non-Federal entities, including the
private sector, small and medium
PO 00000
Frm 00027
Fmt 4703
Sfmt 4703
businesses, sectors of critical
infrastructure, and information sharing
organizations. This provision includes
the authority to receive, analyze and
disseminate information about
cybersecurity risks and incidents and to
provide guidance, assessments, incident
response support, and other technical
assistance upon request and codifies
NPPD’s coordinating role among Federal
and non-Federal entities. 6 U.S.C. 148.
As part of its information sharing
responsibilities with non-Federal
entities, the National Defense
Authorization Act For Fiscal Year 2017
(NDAA) amended the Homeland
Security Act to authorize the
Department to specifically focus on
small businesses. See Public Law 114–
328 (2016). Specifically, the NDAA
authorizes NPPD, through the Secretary,
to ‘‘leverage small business
development centers to provide
assistance to small business concerns by
disseminating information on cyber
threat indicators, defense measures,
cybersecurity risks, incidents, analyses,
and warnings to help small business
concerns in developing or enhancing
cybersecurity infrastructure, awareness
of cyber threat indicators, and cyber
training programs for employees.’’ See 6
U.S.C. 148(l)(1); see also 15 U.S.C.
648(a)(8)(A) (similarly authorizing DHS
‘‘and any other Federal department or
agency in coordination with the
Department of Homeland Security’’ to
‘‘leverage small business concerns by
disseminating information relating to
cybersecurity risks and other homeland
security matters to help small business
concerns in developing or enhancing
cybersecurity infrastructure, awareness
of cyber threat indicators, and cyber
training programs for employees’’).
Consistent with these authorities, E.O.
13636 directs the Department to
increase its cybersecurity information
sharing efforts with the private sector
and consult on and promote the
National Institute of Standards and
Technology (NIST) Cybersecurity
Framework. To facilitate the
Department’s promotion of the NIST
Cybersecurity Framework, the E.O.
directs the Secretary to establish a
voluntary program to support the
adoption of the Framework in
coordination with Sector Specific
Agencies, which in turn ‘‘shall
coordinate with Sector Coordinating
Councils to review the Cybersecurity
Framework and, if necessary, develop
implementation guidance or
supplemental materials to address
sector-specific risks and operating
environments.’’ E.O. 13636, 78 FR
11739 (2013).
E:\FR\FM\18DEN1.SGM
18DEN1
daltland on DSKBBV9HB2PROD with NOTICES
Federal Register / Vol. 82, No. 241 / Monday, December 18, 2017 / Notices
Accordingly, the Information
Technology (IT) Sector, represented by
industry via the IT Sector Coordinating
Council (SCC) and by government via
the IT Government Coordinating
Council (GCC), established the IT Sector
Small and Midsized Business (SMB)
Cybersecurity Best Practices Working
Group (‘‘Working Group’’) to develop
best practices for implementing the
NIST Cybersecurity Framework in the
SMB community. The Working Group,
which consists of industry and
government representatives, developed
the SMB Cybersecurity Survey to
determine return on investment (ROI)
metrics for NIST Cybersecurity
Framework adoption among SMB
stakeholders. This process will assess
the effectiveness of the NIST
Cybersecurity Framework. This process
will also establish a baseline for ROI
metrics, which have not previously
existed in the SMB community. The IT
Sector-Specific Agency (SSA),
headquartered in DHS NPPD CS&C, is
supporting the Working Group’s survey
development.
DHS is not administering, controlling
or soliciting the collection of the
information via the survey. The IT SCC
will administer the survey and
anonymize the data, which will then be
sent to DHS for analysis. As part of the
survey process, the IT SCC will collect
point of contact (POC) information but
will not include that information on the
anonymized dataset they submit to
DHS. As specified in more detail below,
the IT SCC will not only anonymize the
data but will also remove any personally
identifiable information (PII) from the
data prior to transmitting to DHS. DHS
will aid with the statistical analysis
where needed, but would not be
working with the individual responses
to the questionnaire.
The questionnaire will be distributed
to SMBs and is a two-part survey.
Questions 1–11 of the survey are for an
organization’s leadership, as these
questions pertain to high level
information about the company (core
function, number of employees, etc.).
The remaining questions are intended
for the Chief Information Security
Officer (CISO) or appropriate IT staff, as
these questions are technical and ask
about the IT security of the company.
As identified above, once the survey
is administered by the private sector
partners of the IT SCC to the member
organizations, the private sector
partners of the IT SCC will compile the
collected raw inputs and will (a) assign
unique random identifiers to each of the
responses, (b) scrub any PII from the
microdata, (c) conduct quality assurance
against the raw input. These processing
VerDate Sep<11>2014
17:53 Dec 15, 2017
Jkt 244001
steps (a–c) will be implemented PRIOR
to transmitting the resulting dataset to
DHS for statistical analysis. This survey
represents a new collection.
DHS will use anonymized data to
conduct their analysis. The intent is for
DHS to only receive derivative
products—anonymized micro-dataset to
come up with the summary statistics, or
aggregated summary results. The
analysis will determine ROI information
for NIST Cybersecurity Framework
adoption in the SMB community. The
results of this analysis will be available
to the SMB community to develop best
practices on how to use the
Cybersecurity Framework for business
protection and risk management.
OMB is particularly interested in
comments that:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
whether the information will have
practical utility;
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques or
other forms of information technology,
e.g., permitting electronic submissions
of responses.
Title of Collection: The Department of
Homeland Security, Stakeholder
Engagement & Cyber Infrastructure
Resilience Division.
OMB Control Number: 1670—NEW.
Frequency: Once every five years.
Affected Public: Private sector, Small
& Midsize Businesses.
Number of Respondents: 1,000
annually.
Estimated Time per Respondent: 30
minutes.
Total Burden Hours: 500 annual
burden hours.
Total Burden Cost (capital/startup):
$0.
Total Recordkeeping Burden: $0.
Total Burden Cost (operating/
maintaining): $0.
David Epperson,
Chief Information Officer.
[FR Doc. 2017–27114 Filed 12–15–17; 8:45 am]
BILLING CODE 9110–9P–P
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
60027
DEPARTMENT OF HOUSING AND
URBAN DEVELOPMENT
[Docket No. FR–5997–N–80]
30-Day Notice of Proposed Information
Collection: Continuation of Interest
Reduction Payments After Refinancing
Section 236 Projects
Office of the Chief Information
Officer, HUD.
ACTION: Notice.
AGENCY:
HUD submitted the proposed
information collection requirement
described below to the Office of
Management and Budget (OMB) for
review, in accordance with the
Paperwork Reduction Act. The purpose
of this notice is to allow for 30 days of
public comment.
DATES: Comments Due Date: January 17,
2018.
ADDRESSES: Interested persons are
invited to submit comments regarding
this proposal. Comments should refer to
the proposal by name and/or OMB
Control Number and should be sent to:
HUD Desk Officer, Office of
Management and Budget, New
Executive Office Building, Washington,
DC 20503; fax:202–395–5806, Email:
OIRA Submission@omb.eop.gov
FOR FURTHER INFORMATION CONTACT: Inez
C. Downs, Reports Management Officer,
QMAC, Department of Housing and
Urban Development, 451 7th Street, SW,
Washington, DC 20410; email Inez. C.
Downs@hud.gov, or telephone 202–402–
8046. This is not a toll-free number.
Person with hearing or speech
impairments may access this number
through TTY by calling the toll-free
Federal Relay Service at (800) 877–8339.
Copies of available documents
submitted to OMB may be obtained
from Ms. Downs.
SUPPLEMENTARY INFORMATION: This
notice informs the public that HUD is
seeking approval from OMB for the
information collection described in
Section A.
The Federal Register notice that
solicited public comment on the
information collection for a period of 60
days was published on September 5,
2017 at 82 FR 41976.
SUMMARY:
A. Overview of Information Collection
Title of Information Collection:
Continuation of Interest Reduction
Payments After Refinancing Section 236
Projects.
OMB Approval Number: 2502–0572.
Type of Request: Revision of a
currently approved collection.
Form Number: HUD–93173
Agreement for Interest Reduction
Payments (§ 236(e)(2).
E:\FR\FM\18DEN1.SGM
18DEN1
]]>Agencies
[Federal Register Volume 82, Number 241 (Monday, December 18, 2017)]
[Notices]
[Pages 60026-60027]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-27114]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
The Department of Homeland Security, Stakeholder Engagement &
Cyber Infrastructure Resilience Division (SECIR)
AGENCY: National Protection and Programs Directorate (NPPD), Department
of Homeland Security (DHS).
ACTION: 30-Day notice and request for comments; new information
collection request: 1670--NEW.
-----------------------------------------------------------------------
SUMMARY: The DHS NPPD Office of Cybersecurity and Communications
(CS&C), SECIR, will submit the following information collection request
(ICR) to the Office of Management and Budget (OMB) for review and
clearance in accordance with the Paperwork Reduction Act of 1995. DHS
previously published this ICR in the Federal Register on Tuesday, July
18, 2017 at 82 FR 32859 for a 60-day public comment period. Ten
comments from two commenters were received by DHS. The purpose of this
notice is to allow an additional 30 days for public comments.
DATES: Comments are encouraged and will be accepted until January 17,
2018. This process is conducted in accordance with 5 CFR part 1320.
ADDRESSES: Interested persons are invited to submit written comments on
the proposed information collection to the Office of Information and
Regulatory Affairs, OMB. You may send comments, identified by the words
``Department of Homeland Security'' and ``OMB Control Number 1670--NEW
(IT Sector Survey)'', by:
[cir] Email: [email protected]. Include ``Department of
Homeland Security'' and ``OMB Control Number 1670--NEW (IT Sector
Survey)'' in the subject line of the message.
Instructions: Comments submitted in response to this notice may be
made available to the public through relevant websites. For this
reason, please do not include in your comments information of a
confidential nature, such as sensitive personal information or
proprietary information. If you send an email comment, your email
address will be automatically captured and included as part of the
comment that is placed in the public docket and made available on the
internet. Please note that responses to this public comment request
containing any routine notice about the confidentiality of the
communication will be treated as public comments that may be made
available to the public notwithstanding the inclusion of the routine
notice.
FOR FURTHER INFORMATION CONTACT: For specific questions related to
collection activities, please contact Reggie McKinney at 703-705-6277
or at [email protected].
SUPPLEMENTARY INFORMATION: Section 227 of the Homeland Security Act of
2002 authorizes the National Cybersecurity and Communications
Integration Center (NCCIC) within NPPD as a ``Federal civilian
interface for the multi-directional and cross-sector sharing of
information related to . . . cybersecurity risks.'' 6 U.S.C. 148(c)(1).
This authority applies to Federal and non-Federal entities, including
the private sector, small and medium businesses, sectors of critical
infrastructure, and information sharing organizations. This provision
includes the authority to receive, analyze and disseminate information
about cybersecurity risks and incidents and to provide guidance,
assessments, incident response support, and other technical assistance
upon request and codifies NPPD's coordinating role among Federal and
non-Federal entities. 6 U.S.C. 148.
As part of its information sharing responsibilities with non-
Federal entities, the National Defense Authorization Act For Fiscal
Year 2017 (NDAA) amended the Homeland Security Act to authorize the
Department to specifically focus on small businesses. See Public Law
114-328 (2016). Specifically, the NDAA authorizes NPPD, through the
Secretary, to ``leverage small business development centers to provide
assistance to small business concerns by disseminating information on
cyber threat indicators, defense measures, cybersecurity risks,
incidents, analyses, and warnings to help small business concerns in
developing or enhancing cybersecurity infrastructure, awareness of
cyber threat indicators, and cyber training programs for employees.''
See 6 U.S.C. 148(l)(1); see also 15 U.S.C. 648(a)(8)(A) (similarly
authorizing DHS ``and any other Federal department or agency in
coordination with the Department of Homeland Security'' to ``leverage
small business concerns by disseminating information relating to
cybersecurity risks and other homeland security matters to help small
business concerns in developing or enhancing cybersecurity
infrastructure, awareness of cyber threat indicators, and cyber
training programs for employees'').
Consistent with these authorities, E.O. 13636 directs the
Department to increase its cybersecurity information sharing efforts
with the private sector and consult on and promote the National
Institute of Standards and Technology (NIST) Cybersecurity Framework.
To facilitate the Department's promotion of the NIST Cybersecurity
Framework, the E.O. directs the Secretary to establish a voluntary
program to support the adoption of the Framework in coordination with
Sector Specific Agencies, which in turn ``shall coordinate with Sector
Coordinating Councils to review the Cybersecurity Framework and, if
necessary, develop implementation guidance or supplemental materials to
address sector-specific risks and operating environments.'' E.O. 13636,
78 FR 11739 (2013).
[[Page 60027]]
Accordingly, the Information Technology (IT) Sector, represented by
industry via the IT Sector Coordinating Council (SCC) and by government
via the IT Government Coordinating Council (GCC), established the IT
Sector Small and Midsized Business (SMB) Cybersecurity Best Practices
Working Group (``Working Group'') to develop best practices for
implementing the NIST Cybersecurity Framework in the SMB community. The
Working Group, which consists of industry and government
representatives, developed the SMB Cybersecurity Survey to determine
return on investment (ROI) metrics for NIST Cybersecurity Framework
adoption among SMB stakeholders. This process will assess the
effectiveness of the NIST Cybersecurity Framework. This process will
also establish a baseline for ROI metrics, which have not previously
existed in the SMB community. The IT Sector-Specific Agency (SSA),
headquartered in DHS NPPD CS&C, is supporting the Working Group's
survey development.
DHS is not administering, controlling or soliciting the collection
of the information via the survey. The IT SCC will administer the
survey and anonymize the data, which will then be sent to DHS for
analysis. As part of the survey process, the IT SCC will collect point
of contact (POC) information but will not include that information on
the anonymized dataset they submit to DHS. As specified in more detail
below, the IT SCC will not only anonymize the data but will also remove
any personally identifiable information (PII) from the data prior to
transmitting to DHS. DHS will aid with the statistical analysis where
needed, but would not be working with the individual responses to the
questionnaire.
The questionnaire will be distributed to SMBs and is a two-part
survey. Questions 1-11 of the survey are for an organization's
leadership, as these questions pertain to high level information about
the company (core function, number of employees, etc.). The remaining
questions are intended for the Chief Information Security Officer
(CISO) or appropriate IT staff, as these questions are technical and
ask about the IT security of the company.
As identified above, once the survey is administered by the private
sector partners of the IT SCC to the member organizations, the private
sector partners of the IT SCC will compile the collected raw inputs and
will (a) assign unique random identifiers to each of the responses, (b)
scrub any PII from the microdata, (c) conduct quality assurance against
the raw input. These processing steps (a-c) will be implemented PRIOR
to transmitting the resulting dataset to DHS for statistical analysis.
This survey represents a new collection.
DHS will use anonymized data to conduct their analysis. The intent
is for DHS to only receive derivative products--anonymized micro-
dataset to come up with the summary statistics, or aggregated summary
results. The analysis will determine ROI information for NIST
Cybersecurity Framework adoption in the SMB community. The results of
this analysis will be available to the SMB community to develop best
practices on how to use the Cybersecurity Framework for business
protection and risk management.
OMB is particularly interested in comments that:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
Title of Collection: The Department of Homeland Security,
Stakeholder Engagement & Cyber Infrastructure Resilience Division.
OMB Control Number: 1670--NEW.
Frequency: Once every five years.
Affected Public: Private sector, Small & Midsize Businesses.
Number of Respondents: 1,000 annually.
Estimated Time per Respondent: 30 minutes.
Total Burden Hours: 500 annual burden hours.
Total Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Total Burden Cost (operating/maintaining): $0.
David Epperson,
Chief Information Officer.
[FR Doc. 2017-27114 Filed 12-15-17; 8:45 am]
BILLING CODE 9110-9P-P
