Nationwide Cyber Security Review Assessment, 52499-52500 [2018-22548]

Download as PDF Federal Register / Vol. 83, No. 201 / Wednesday, October 17, 2018 / Notices daltland on DSKBBV9HB2PROD with NOTICES for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (3) suggestions to enhance the quality, utility, and clarity of the information to be collected; and (4) suggestions to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses. The comments that are submitted will be summarized and included in the request for approval. All comments will become a matter of public record. Overview of This Information Collection Title: Application for Extension of Bond for Temporary Importation. OMB Number: 1651–0015. Form Number: CBP Form 3173. Abstract: Imported merchandise which is to remain in the customs territory for a period of one year or less without the payment of duties is entered as a temporary importation, as authorized under the Harmonized Tariff Schedule of the United States (19 U.S.C. 1202). When this time period is not sufficient, it may be extended by submitting an application on CBP Form 3173, ‘‘Application for Extension of Bond for Temporary Importation.’’ This form is provided for by 19 CFR 10.37 and is accessible at: https:// www.cbp.gov/newsroom/publications/ forms?title=3173. Current Actions: CBP proposes to extend the expiration date of this information collection with no changes to the burden hours or to Form 3173. Type of Review: Extension (without change). Affected Public: Businesses. Estimated Number of Respondents: 1,200. Estimated Number of Annual Responses per Respondent: 14. Estimated Total Annual Responses: 16,800. Estimated Time per Response: 13 minutes. Estimated Total Annual Burden Hours: 3,646. Dated: October 11, 2018. Seth D. Renkema, Branch Chief, Economic Impact Analysis Branch, U.S. Customs and Border Protection. [FR Doc. 2018–22512 Filed 10–16–18; 8:45 am] BILLING CODE 9111–14–P VerDate Sep<11>2014 19:46 Oct 16, 2018 Jkt 247001 DEPARTMENT OF HOMELAND SECURITY Nationwide Cyber Security Review Assessment Office of Cybersecurity and Communications (CS&C), National Protection and Programs Directorate (NPPD), Department of Homeland Security (DHS). ACTION: 30-Day Notice and request for comments; New Collection, 1670–NEW. AGENCY: DHS NPPD CS&C will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. DHS previously published this information collection request (ICR) in the Federal Register on Thursday, July 5, 2018 at 83 FR 31412 for a 60-day public comment period. 0 comments were received by DHS. The purpose of this notice is to allow an additional 30 days for public comments. DATES: Comments are encouraged and will be accepted until November 16, 2018. SUMMARY: Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, Office of Management and Budget. Comments should be addressed to OMB Desk Officer, Department of Homeland Security and sent via electronic mail to dhsdeskofficer@ omb.eop.gov. All submissions must include the words ‘‘Department of Homeland Security’’ and the OMB Control Number 1670–NEW— Nationwide Cyber Security Review Assessment. Comments submitted in response to this notice may be made available to the public through relevant websites. For this reason, please do not include in your comments information of a confidential nature, such as sensitive personal information or proprietary information. If you send an email comment, your email address will be automatically captured and included as part of the comment that is placed in the public docket and made available on the internet. Please note that responses to this public comment request containing any routine notice about the confidentiality of the communication will be treated as public comments that may be made available to the public notwithstanding the inclusion of the routine notice. FOR FURTHER INFORMATION CONTACT: For specific questions related to collection ADDRESSES: PO 00000 Frm 00124 Fmt 4703 Sfmt 4703 52499 activities, please contact Donna Beach at 703–705–6213 or at SLTTCyber@ HQ.DHS.GOV. SUPPLEMENTARY INFORMATION: In its reports to the Department of Homeland Security Appropriations Act, 2010, Congress requested a Nationwide Cyber Security Review (NCSR) from the National Cyber Security Division (NCSD), the predecessor organization of the Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division. S. Rep. No. 111–31, at 91 (2009), H.R. Rep. No. 111–298, at 96 (2009). The House Conference Report accompanying the Department of Homeland Security Appropriations Act, 2010 ‘‘note[d] the importance of a comprehensive effort to assess the security level of cyberspace at all levels of government’’ and directed DHS to ‘‘develop the necessary tools for all levels of government to complete a cyber network security assessment so that a full measure of gaps and capabilities can be completed in the near future.’’ H.R. Rep. No. 111–298, at 96 (2009). Concurrently, in its report accompanying the Department of Homeland Security Appropriations Bill, 2010, the Senate Committee on Appropriations recommended that DHS ‘‘report on the status of cyber security measures in place, and gaps in all 50 States and the largest urban areas.’’ S. Rep. No. 111–31, at 91 (2009). The Homeland Security Act of 2002, as amended, established ‘‘a national cybersecurity and communications integration center [NCCIC] . . . to carry out certain responsibilities of the Under Secretary,’’ including the provision of assessments. 6 U.S.C. 148(b). The Act also directs the composition of the NCCIC to include an entity that collaborates with State and local governments on cybersecurity risks and incidents, and has entered into a voluntary information sharing relationship with the NCCIC. 6 U.S.C. 148(d)(1)(E). The Multistate Information Sharing and Analysis Center (MS–ISAC) currently fulfills this function. NPPD funds the MS–ISAC through a Cooperative Agreement and maintains a close relationship with this entity. As part of the Cooperative Agreement, DHS directs the MS–ISAC to produce the NCSR as contemplated by Congress. Generally, NPPD has authority to perform risk and vulnerability assessments for Federal and non-Federal entities, with consent and upon request. The NCCIC performs these assessments in accordance with its authority to provide voluntary technical assistance to Federal and non-Federal entities. See 6 U.S.C. 148(c)(6), 143(2). This authority E:\FR\FM\17OCN1.SGM 17OCN1 daltland on DSKBBV9HB2PROD with NOTICES 52500 Federal Register / Vol. 83, No. 201 / Wednesday, October 17, 2018 / Notices is consistent with the Department’s responsibility to ‘‘[c]onduct comprehensive assessments of the vulnerabilities of the Nation’s critical infrastructure in coordination with the SSAs [Sector-Specific Agencies] and in collaboration with SLTT [State, Local, Tribal, and Territorial] entities and critical infrastructure owners and operators.’’ Presidential Policy Directive (PPD)–21, at 3. A private sector entity or state and local government agency also has discretion to use a self-assessment tool offered by NPPD or request NPPD to perform an on-site risk and vulnerability assessment. See 6 U.S.C. 148(c)(6), 143(2), 6 U.S.C. 121(d)(2). The NCSR is a voluntary annual selfassessment. Upon submission of the first NCSR report in March 2012, Congress further clarified its expectation ‘‘that this survey will be updated every other year so that progress may be charted and further areas of concern may be identified.’’ S. Rep. No. 112–169, at 100 (2012). In each subsequent year, Congress has referenced this NCSR in its explanatory comments and recommendations accompanying the Department of Homeland Security Appropriations. Consistent with Congressional mandates, SECIR developed the NCSR to measure the gaps and capabilities of cybersecurity programs within SLTT governments. Using the anonymous results of the NCSR, DHS delivers a bi-annual summary report to Congress that provides a broad picture of the current cybersecurity gaps & capabilities of SLTT governments across the nation. The assessment allows SLTT governments to manage cybersecurity related risks through the NIST Cybersecurity Framework (CSF) which consists of best practices, standards and guidelines. In efforts of continuously providing Congress with an accurate representation of the SLTT governments’ cybersecurity programs gaps and capabilities the NCSR question sets and surveys may slightly change from year-to-year to accurately reflect the current cybersecurity environment. The NCSR is an annual voluntary selfassessment that is hosted on the RSA Archer Suite, which is a technology platform that provides a foundation for managing policies, controls, risks, assessments, and deficiencies across organizational lines of business. The NCSR self-assessment runs every year from October–December. In efforts of increasing participation, the deadline is sometimes extended. The target audience for the NCSR are personnel within the SLTT community who are VerDate Sep<11>2014 19:46 Oct 16, 2018 Jkt 247001 responsible for the cybersecurity management within their organization. Through the NCSR, DHS & MS–ISAC will examine relationships, interactions, and processes governing IT management and the ability to effectively manage operational risk. Using the anonymous results of the NCSR, DHS delivers a biannual summary report to Congress that provides a broad picture of the cybersecurity gaps & capabilities of SLTT governments across the nation. The bi-annual summary report is shared with MS–ISAC members, NCSR End Users, and Congress. The report is also available on the MS–ISAC website, https://www.cisecurity.org/ms-isac/ services/ncsr/. Upon submission of the NCSR selfassessment, participants will immediately receive access to several reports specific to their organization and their cybersecurity posture. Additionally, after the annual NCSR survey closes there will be a brief NCSR End User Survey offered to everyone who completed the NSCR assessment. The survey will provide feedback on participants’ experiences, such as from how they heard about the NCSR, what they found or did not find useful, how they will utilize the results of their assessment, and other information about their current and future interactions with the NCSR. Additionally, MS–ISAC will administer a survey to those who were registered participants in the past and did not register or complete the most recent NCSR. The purpose of the NonResponse Survey is to solicit feedback on ways the NSCR could be improved to maximize benefits and increase response rates in the future. The NCSR assessment requires approximately two hours for completion and is located on the RSA Archer Suite. During the assessment period, participants can respond at their own pace with the ability to save their progress during each session. If additional support is needed, participants can contact the NCSR helpdesk via phone and email. The NCSR End User survey will be fully electronic. It contains less than 30 multiple choice and fill-in-the-blank answers and takes approximately 10 minutes to complete. The feedback survey will be administered via Survey Monkey and settings will be updated to opt out of collecting participants’ IP addresses. The Non-Response Survey will be fully electronic and take approximately 10 minutes to complete. The survey will be administered via Survey Monkey and settings will be updated to opt out of collecting participants’ IP addresses. PO 00000 Frm 00125 Fmt 4703 Sfmt 4703 This is a new information collection. OMB is particularly interested in comments that: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; 3. Enhance the quality, utility, and clarity of the information to be collected; and 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses. Title of Collection: Nationwide Cyber Security Review Assessment. OMB Control Number: 1670–NEW. Frequency: Annually. Affected Public: State, Local, Tribal, and Territorial entities. Number of Respondents: 591. Estimated Time per Respondent: 2 hours. Total Burden Hours: 1,278. Total Burden Cost (capital/startup): $0. Total Recordkeeping Burden: $0. Total Burden Cost (operating/ maintaining): $0. David Epperson, Chief Information Officer. [FR Doc. 2018–22548 Filed 10–16–18; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS–2018–0058] Telecommunications Service Priority System Office of Cybersecurity and Communications (CS&C), National Protection and Programs Directorate (NPPD), Department of Homeland Security (DHS). ACTION: 60-Day Notice and request for comments; Extension, 1670–0005. AGENCY: DHS NPPD CS&C will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. SUMMARY: E:\FR\FM\17OCN1.SGM 17OCN1

Agencies

[Federal Register Volume 83, Number 201 (Wednesday, October 17, 2018)]
[Notices]
[Pages 52499-52500]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-22548]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY


Nationwide Cyber Security Review Assessment

AGENCY: Office of Cybersecurity and Communications (CS&C), National 
Protection and Programs Directorate (NPPD), Department of Homeland 
Security (DHS).

ACTION: 30-Day Notice and request for comments; New Collection, 1670-
NEW.

-----------------------------------------------------------------------

SUMMARY: DHS NPPD CS&C will submit the following information collection 
request (ICR) to the Office of Management and Budget (OMB) for review 
and clearance in accordance with the Paperwork Reduction Act of 1995. 
DHS previously published this information collection request (ICR) in 
the Federal Register on Thursday, July 5, 2018 at 83 FR 31412 for a 60-
day public comment period. 0 comments were received by DHS. The purpose 
of this notice is to allow an additional 30 days for public comments.

DATES: Comments are encouraged and will be accepted until November 16, 
2018.

ADDRESSES: Interested persons are invited to submit written comments on 
the proposed information collection to the Office of Information and 
Regulatory Affairs, Office of Management and Budget. Comments should be 
addressed to OMB Desk Officer, Department of Homeland Security and sent 
via electronic mail to [email protected]. All submissions must 
include the words ``Department of Homeland Security'' and the OMB 
Control Number 1670-NEW--Nationwide Cyber Security Review Assessment.
    Comments submitted in response to this notice may be made available 
to the public through relevant websites. For this reason, please do not 
include in your comments information of a confidential nature, such as 
sensitive personal information or proprietary information. If you send 
an email comment, your email address will be automatically captured and 
included as part of the comment that is placed in the public docket and 
made available on the internet. Please note that responses to this 
public comment request containing any routine notice about the 
confidentiality of the communication will be treated as public comments 
that may be made available to the public notwithstanding the inclusion 
of the routine notice.

FOR FURTHER INFORMATION CONTACT: For specific questions related to 
collection activities, please contact Donna Beach at 703-705-6213 or at 
[email protected].

SUPPLEMENTARY INFORMATION: In its reports to the Department of Homeland 
Security Appropriations Act, 2010, Congress requested a Nationwide 
Cyber Security Review (NCSR) from the National Cyber Security Division 
(NCSD), the predecessor organization of the Stakeholder Engagement and 
Cyber Infrastructure Resilience (SECIR) division. S. Rep. No. 111-31, 
at 91 (2009), H.R. Rep. No. 111-298, at 96 (2009). The House Conference 
Report accompanying the Department of Homeland Security Appropriations 
Act, 2010 ``note[d] the importance of a comprehensive effort to assess 
the security level of cyberspace at all levels of government'' and 
directed DHS to ``develop the necessary tools for all levels of 
government to complete a cyber network security assessment so that a 
full measure of gaps and capabilities can be completed in the near 
future.'' H.R. Rep. No. 111-298, at 96 (2009). Concurrently, in its 
report accompanying the Department of Homeland Security Appropriations 
Bill, 2010, the Senate Committee on Appropriations recommended that DHS 
``report on the status of cyber security measures in place, and gaps in 
all 50 States and the largest urban areas.'' S. Rep. No. 111-31, at 91 
(2009).
    The Homeland Security Act of 2002, as amended, established ``a 
national cybersecurity and communications integration center [NCCIC] . 
. . to carry out certain responsibilities of the Under Secretary,'' 
including the provision of assessments. 6 U.S.C. 148(b). The Act also 
directs the composition of the NCCIC to include an entity that 
collaborates with State and local governments on cybersecurity risks 
and incidents, and has entered into a voluntary information sharing 
relationship with the NCCIC. 6 U.S.C. 148(d)(1)(E). The Multistate 
Information Sharing and Analysis Center (MS-ISAC) currently fulfills 
this function. NPPD funds the MS-ISAC through a Cooperative Agreement 
and maintains a close relationship with this entity. As part of the 
Cooperative Agreement, DHS directs the MS-ISAC to produce the NCSR as 
contemplated by Congress.
    Generally, NPPD has authority to perform risk and vulnerability 
assessments for Federal and non-Federal entities, with consent and upon 
request. The NCCIC performs these assessments in accordance with its 
authority to provide voluntary technical assistance to Federal and non-
Federal entities. See 6 U.S.C. 148(c)(6), 143(2). This authority

[[Page 52500]]

is consistent with the Department's responsibility to ``[c]onduct 
comprehensive assessments of the vulnerabilities of the Nation's 
critical infrastructure in coordination with the SSAs [Sector-Specific 
Agencies] and in collaboration with SLTT [State, Local, Tribal, and 
Territorial] entities and critical infrastructure owners and 
operators.'' Presidential Policy Directive (PPD)-21, at 3. A private 
sector entity or state and local government agency also has discretion 
to use a self-assessment tool offered by NPPD or request NPPD to 
perform an on-site risk and vulnerability assessment. See 6 U.S.C. 
148(c)(6), 143(2), 6 U.S.C. 121(d)(2). The NCSR is a voluntary annual 
self-assessment.
    Upon submission of the first NCSR report in March 2012, Congress 
further clarified its expectation ``that this survey will be updated 
every other year so that progress may be charted and further areas of 
concern may be identified.'' S. Rep. No. 112-169, at 100 (2012). In 
each subsequent year, Congress has referenced this NCSR in its 
explanatory comments and recommendations accompanying the Department of 
Homeland Security Appropriations. Consistent with Congressional 
mandates, SECIR developed the NCSR to measure the gaps and capabilities 
of cybersecurity programs within SLTT governments. Using the anonymous 
results of the NCSR, DHS delivers a bi-annual summary report to 
Congress that provides a broad picture of the current cybersecurity 
gaps & capabilities of SLTT governments across the nation.
    The assessment allows SLTT governments to manage cybersecurity 
related risks through the NIST Cybersecurity Framework (CSF) which 
consists of best practices, standards and guidelines. In efforts of 
continuously providing Congress with an accurate representation of the 
SLTT governments' cybersecurity programs gaps and capabilities the NCSR 
question sets and surveys may slightly change from year-to-year to 
accurately reflect the current cybersecurity environment.
    The NCSR is an annual voluntary self-assessment that is hosted on 
the RSA Archer Suite, which is a technology platform that provides a 
foundation for managing policies, controls, risks, assessments, and 
deficiencies across organizational lines of business. The NCSR self-
assessment runs every year from October-December. In efforts of 
increasing participation, the deadline is sometimes extended. The 
target audience for the NCSR are personnel within the SLTT community 
who are responsible for the cybersecurity management within their 
organization.
    Through the NCSR, DHS & MS-ISAC will examine relationships, 
interactions, and processes governing IT management and the ability to 
effectively manage operational risk. Using the anonymous results of the 
NCSR, DHS delivers a bi-annual summary report to Congress that provides 
a broad picture of the cybersecurity gaps & capabilities of SLTT 
governments across the nation. The bi-annual summary report is shared 
with MS-ISAC members, NCSR End Users, and Congress. The report is also 
available on the MS-ISAC website, https://www.cisecurity.org/ms-isac/services/ncsr/.
    Upon submission of the NCSR self-assessment, participants will 
immediately receive access to several reports specific to their 
organization and their cybersecurity posture. Additionally, after the 
annual NCSR survey closes there will be a brief NCSR End User Survey 
offered to everyone who completed the NSCR assessment. The survey will 
provide feedback on participants' experiences, such as from how they 
heard about the NCSR, what they found or did not find useful, how they 
will utilize the results of their assessment, and other information 
about their current and future interactions with the NCSR.
    Additionally, MS-ISAC will administer a survey to those who were 
registered participants in the past and did not register or complete 
the most recent NCSR. The purpose of the Non-Response Survey is to 
solicit feedback on ways the NSCR could be improved to maximize 
benefits and increase response rates in the future.
    The NCSR assessment requires approximately two hours for completion 
and is located on the RSA Archer Suite. During the assessment period, 
participants can respond at their own pace with the ability to save 
their progress during each session. If additional support is needed, 
participants can contact the NCSR helpdesk via phone and email.
    The NCSR End User survey will be fully electronic. It contains less 
than 30 multiple choice and fill-in-the-blank answers and takes 
approximately 10 minutes to complete. The feedback survey will be 
administered via Survey Monkey and settings will be updated to opt out 
of collecting participants' IP addresses.
    The Non-Response Survey will be fully electronic and take 
approximately 10 minutes to complete. The survey will be administered 
via Survey Monkey and settings will be updated to opt out of collecting 
participants' IP addresses.
    This is a new information collection.
    OMB is particularly interested in comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.
    Title of Collection: Nationwide Cyber Security Review Assessment.
    OMB Control Number: 1670-NEW.
    Frequency: Annually.
    Affected Public: State, Local, Tribal, and Territorial entities.
    Number of Respondents: 591.
    Estimated Time per Respondent: 2 hours.
    Total Burden Hours: 1,278.
    Total Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.
    Total Burden Cost (operating/maintaining): $0.

David Epperson,
Chief Information Officer.
[FR Doc. 2018-22548 Filed 10-16-18; 8:45 am]
 BILLING CODE 9110-9P-P