Chemical Security Assessment Tool (CSAT), 19929-19933 [2019-09319]
Download as PDF
<![CDATA[
Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices
The public meeting will be
held at the Woodrow Wilson
International Center for Scholars
(‘‘Wilson Center’’), located at 1300
Pennsylvania Avenue NW, Washington,
DC 20004. All visitors will be processed
through the lobby of the Wilson Center.
For information on facilities or services
for individuals with disabilities, or to
request special assistance at the
meeting, contact Mike Miron at HSAC@
hq.dhs.gov or (202) 447–3135 as soon as
possible. Written public comments prior
to the meeting must be received by 5:00
p.m. EDT on Friday, May 17, 2018, and
must be identified by Docket No. DHS–
2019–0011. Written public comments
after the meeting must be identified by
Docket No. DHS–2019–0011 and may be
submitted by one of the following
methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Email: HSAC@hq.dhs.gov. Include
Docket No. DHS–2019–0011 in the
subject line of the message.
• Fax: (202) 282–9207. Include Mike
Miron and the Docket No. DHS–2019–
0011 in the subject line of the message.
• Mail: Mike Miron, Deputy
Executive Director of Homeland
Security Advisory Council, Office of
Partnership and Engagement, Mailstop
0385, Department of Homeland
Security, 2707 Martin Luther King Jr
Ave. SE, Washington, DC 20528.
Instructions: All submissions received
must include the words ‘‘Department of
Homeland Security’’ and ‘‘DHS–2019–
0011,’’ the docket number for this
action. Comments received will be
posted without alteration at https://
www.regulations.gov, including any
personal information provided.
Docket: For access to the docket to
read comments received by the Council,
go to https://www.regulations.gov, search
‘‘DHS–2019–0011,’’ ‘‘Open Docket
Folder’’ and provide your comments.
FOR FURTHER INFORMATION CONTACT:
Mike Miron at HSAC@hq.dhs.gov or at
(202) 447–3135.
SUPPLEMENTARY INFORMATION: Notice of
this meeting is given under Section
10(a) of the Federal Advisory Committee
Act (FACA), Public Law 92–463 (5
U.S.C. Appendix), which requires each
FACA committee meeting to be open to
the public.
The Council provides organizationally
independent, strategic, timely, specific,
actionable advice, and
recommendations to the Secretary of
Homeland Security on matters related to
homeland security. The Council is
comprised of leaders of local law
enforcement, first responders, Federal,
jbell on DSK3GLQ082PROD with NOTICES
ADDRESSES:
VerDate Sep<11>2014
16:24 May 06, 2019
Jkt 247001
State, and local government, the private
sector, and academia.
The Council will meet in an open
session between 1:00 p.m. to 3:30 p.m.
EDT. The Council will swear in new
members, they will receive an update
from the Families and Children Care
Panel subcommittee, and review and
deliberate on reports from the; State,
Local, Tribal, and Territorial
Cybersecurity; Emerging Technologies;
and Countering Foreign Influence
subcommittees. Following this, there
will be a break for public commentary.
The Council will meet in a closed
session from 8:45 a.m. to 12:50 p.m.
EDT to receive sensitive operational
information from senior officials on
current counterterrorism threats, border
security, aviation security, and
cybersecurity.
Basis for Partial Closure: In
accordance with Section 10(d) of FACA,
the Secretary of Homeland Security has
determined this meeting requires partial
closure. The disclosure of the
information relayed would be
detrimental to the public interest for the
following reasons:
The Council will receive closed
session briefings at the For Official Use
Only and Law Enforcement sensitive
information from senior officials. These
briefings will concern matters sensitive
to homeland security within the
meaning of 5 U.S.C. 552b(c)(7)(E) and
552b(c)(9)(B). The Council will receive
operational counterterrorism updates on
the current threat environment and
security measures associated with
countering such threats, including those
related to aviation security programs,
border security, immigration
enforcement, and cybersecurity.
The session is closed under 5 U.S.C.
552b(c)(7)(E) because disclosure of that
information could reveal investigative
techniques and procedures not generally
available to the public, allowing
terrorists and those with interests
against the United States to circumvent
the law and thwart the Department’s
strategic initiatives. Specifically, there
will be material presented during the
briefings regarding the latest viable
threats against the United States and
how DHS and other Federal agencies
plan to address those threats. Disclosure
of this information could frustrate the
successful implementation of protective
measures designed to keep our country
safe. In addition, the session is closed
pursuant to 5 U.S.C. 552b(c)(9)(B)
because disclosure of these techniques
and procedures could frustrate the
successful implementation of protective
measures designed to keep our country
safe.
PO 00000
Frm 00031
Fmt 4703
Sfmt 4703
19929
Participation: Members of the public
will have until 5:00 p.m. EDT on Friday,
May 17, 2019, to register to attend the
Council meeting on Tuesday, May 21,
2019. Due to limited availability of
seating, admittance will be on a firstcome first-serve basis. Participants
interested in attending the meeting can
contact Mike Miron at HSAC@
hq.dhs.gov or (202) 447–3135. You are
required to provide your full legal name,
date of birth, and company/agency
affiliation. The public may access the
facility via public transportation or use
the public parking garages located near
the Fashion Centre at Pentagon City.
Members of the public will meet at
12:30 p.m. EDT at the lobby of the
Wilson Center. Late arrivals after 1:00
p.m. EDT will not be permitted access
to the facility.
Facility Access: You are required to
present a valid original government
issued ID, to include a State Driver’s
License or Non-Driver’s Identification
Card, U.S. Government Common Access
Card (CAC), Military Identification Card
or Person Identification Verification
Card; U.S. Passport, U.S. Border
Crossing Card, Permanent Resident Card
or Alien Registration Card; or Native
American Tribal Document.
Dated: April 29, 2019.
Matthew Hayden,
Executive Director, Homeland Security
Advisory Council, Department of Homeland
Security.
[FR Doc. 2019–09318 Filed 5–6–19; 8:45 am]
BILLING CODE 9110–9B–P
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. DHS–2018–0068]
Chemical Security Assessment Tool
(CSAT)
Infrastructure Security Division
(ISD), Cybersecurity and Infrastructure
Security Agency (CISA), Department of
Homeland Security (DHS).
ACTION: 30-Day notice and request for
comments; revision of information
collection.
AGENCY:
DHS CISA ISD will submit
the following Information Collection
Request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995. CISA previously published this
ICR, in the Federal Register on February
7, 2019, for a 60-day comment period.
In this notice, CISA: (1) Responds to one
commenter that submitted multiple
comments in response to the 60-day
SUMMARY:
E:\FR\FM\07MYN1.SGM
07MYN1
19930
Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices
jbell on DSK3GLQ082PROD with NOTICES
notice, (2) revises the burden associated
with an instrument, and (3) solicits
public comment concerning this ICR for
an additional 30-days.
DATES: Comments are due by June 6,
2019.
ADDRESSES: Interested persons are
invited to submit written comments on
the proposed information collection to
the Office of Information and Regulatory
Affairs, OMB. Comments should be
addressed to OMB Desk Officer,
Department of Homeland Security,
Cybersecurity and Infrastructure
Security Agency and sent via electronic
mail to dhsdeskofficer@omb.eop.gov.
All submissions must include the words
‘‘Department of Homeland Security’’
and the OMB Control Number 1670–
0007—Chemical Security Assessment
Tool.
Comments submitted in response to
this notice may be made available to the
public through relevant websites. For
this reason, please do not include in
your comments information of a
confidential nature, such as sensitive
personal information or proprietary
information. Please note that responses
to this public comment request
containing any routine notice about the
confidentiality of the communication
will be treated as public comments that
may be made available to the public
notwithstanding the inclusion of the
routine notice.
Comments that include trade secrets,
confidential commercial or financial
information, Chemical-terrorism
Vulnerability Information (CVI),1
Sensitive Security Information (SSI),2 or
Protected Critical Infrastructure
Information (PCII) 3 should not be
submitted to the public docket.
Comments containing trade secrets,
confidential commercial or financial
information, CVI, SSI, or PCII should be
appropriately marked and packaged in
accordance with applicable
requirements and submitted by mail to
the DHS/CISA/Infrastructure Security
Division, CFATS Program Manager, 245
Murray Lane SW, Mail Stop 0610,
Arlington, VA 20528–0610. The
Department will forward all comments
received by the submission deadline to
the OMB Desk Officer.
FOR FURTHER INFORMATION CONTACT:
Craig Conklin, 703–235–5263, cfats@
hq.dhs.gov.
1 For more information about CVI see 6 CFR
27.400 and the CVI Procedural Manual at
www.dhs.gov/publication/safeguarding-cvi-manual.
2 For more information about SSI see 49 CFR part
1520 and the SSI Program web page at www.tsa.gov/
for-industry/sensitive-security-information.
3 For more information about PCII see 6 CFR part
29 and the PCII Program web page at www.dhs.gov/
pcii-program.
VerDate Sep<11>2014
16:24 May 06, 2019
Jkt 247001
The
CFATS Program identifies and regulates
the security of high-risk chemical
facilities using a risk-based approach.
Congress initially authorized the CFATS
Program under Section 550 of the
Department of Homeland Security
Appropriations Act of 2007, Public Law
109–295 (2006). Congress reauthorized
the CFATS Program for an additional
five years and three months under the
Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of
2014 and the Chemical Facility AntiTerrorism Standards Program Extension
Act.4 The Department implemented the
CFATS Program through rulemaking
and issued an Interim Final Rule (IFR)
on April 9, 2007 and a final rule on
November 20, 2007. See 72 FR 17688
and 72 FR 65396.
CISA5 collects the core regulatory
data necessary to implement CFATS
through the Chemical Security
Assessment Tool (CSAT) covered under
this collection. For more information
about CFATS and CSAT, please visit
www.dhs.gov/chemicalsecurity. This
information collection (OMB Control
No. 1670–0007) will expire on July 31,
2019.6
SUPPLEMENTARY INFORMATION:
1. Responses to Comments Submitted
During 60-Day Comment Period
In response to the 60-day notice 7 that
solicited comments, CISA received
several comments from a single
commenter related to the instrument,
‘‘Identification of Facilities and Assets
at Risk.’’ 8
Comment: The commenter believed
that CISA had not provided sufficient
information in the 60-day notice to
allow adequate comment about the
instrument, ‘‘Identification of
Additional Facilities and Assets at
Risk.’’ The commenter referenced the
existing instrument 9 and described the
two sections within the instrument.
4 The
CFATS Act of 2014 codified the CFATS
program into the Homeland Security Act of 2002.
See 6 U.S.C. 621 et seq.; see also The Chemical
Facility Anti-Terrorism Standards Program
Extension Act. Public Law 116–2 (2019).
5 Pursuant to the Cybersecurity and Infrastructure
Security Agency Act of 2018, the National
Protection and Program Directorate (NPPD) was redesignated as CISA. See 6 U.S.C. 652.
6 The currently approved version of this
information collection (OMB Control No. 1670–
0007) can be viewed at https://www.reginfo.gov/
public/do/PRAViewICR?ref_nbr=201604-1670-001.
7 The 60-day notice for this ICR was published on
February 7, 2019 at 84 FR 2558. The notice may be
viewed at https://www.federalregister.gov/d/201901378.
8 The comment may be viewed at https://
www.regulations.gov/document?D=DHS-2018-00680002.
9 The instrument ‘‘Identification of Additional
Facilities and Assets at Risk’’ in the currently
approved information collection may be viewed at
PO 00000
Frm 00032
Fmt 4703
Sfmt 4703
The first section of the current
instrument is titled, ‘‘Identification of
Facilities’’ and collects information on a
voluntary basis when a facility ships
and/or receives Chemicals of Interest
(COI). The instrument collects: (1)
Shipping and/or receiving procedures,
(2) Invoices and receipts, and (3)
Company names and locations that COI
is shipped to and/or received from.
The second section is titled, ‘‘Assets
at Risk’’ and collects information on a
voluntary basis when the facility
identifies a Supervisory Control and
Data Acquisition (SCADA), Distributed
Control System (DCS), Process Control
Systems (PCS), or Industrial Control
Systems (ICS). Specifically, the
instrument collects information about:
(1) Details on the system(s) that
controls, monitors, and/or manages
small to large production systems as
well as how the system(s) operates; and
(2) If it is standalone or connected to
other systems or networks and
document the specific brand and name
of the system(s).
The commenter reviewed the current
instrument and noticed that CISA’s
estimates about the number of
respondents related to only the first
section of the current instrument (i.e.
Identification of Facilities). Specifically,
in the 60-day notice, CISA stated:
The current information collection
estimated that each year 211 respondents
would respond to this instrument. For this
ICR, CISA estimates that the annual number
of respondents will be 845, because CISA
only requests this information from covered
chemical facilities that undergo compliance
inspections and ship chemicals of interest
(COI). CISA completes approximately 1,920
compliance inspections per year. Of these,
approximately 44 percent of the covered
chemical facilities inspected ship COI.
Therefore, CISA estimates 845 respondents
for this instrument [= 1,920 facilities
inspected × 44 percent of facilities ship
COI].10
The commenter concluded that CISA,
based on the description provided in the
60-day notice about how the number of
respondents was derived, could be
seeking to revise the instrument and
remove the second section (i.e., Assets
at Risk).
Response: CISA is not seeking to
remove the Assets at Risk portion of the
instrument. As a result of the
commenter’s questions CISA realized
that it had omitted accounting for the
burden associated with the second
section (i.e., Assets at Risk) within the
instrument. Therefore, CISA has revised
https://www.reginfo.gov/public/do/Download
Document?objectID=66215302.
10 This quote is from the 60-day Federal Register
Notice at 84 FR 2563 (Feb. 7, 2019).
E:\FR\FM\07MYN1.SGM
07MYN1
19931
Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices
its estimates for this instrument in Part
2 (Analysis) of this notice.
Comment: The commenter requested
information on how many facilities
provided responses to the first section
(i.e., Identification of Facilities) and the
second section (i.e., Assets at Risk) of
the ‘‘Identification of Additional
Facilities and Assets at Risk’’
instrument. The commenter also
requested the criteria CISA used to
select which facilities were requested
information under the second section of
the instrument.
Response: With respect to the first
section of the instrument (i.e.
Identification of Facilities), as discussed
in the 60-day notice, CISA collects
information under the first section of
this instrument when conducting
inspections at facilities that ship and/or
receive COI. As described in the 60-day
notice, CISA completes approximately
1,920 compliance inspections per year.
Of these, approximately 44 percent of
the covered chemical facilities
inspected ship COI. Therefore, CISA
estimates 845 facilities were asked to
identify facilities.
With respect to the second section of
the instrument (i.e., Assets at Risk), if a
covered chemical facility has identified
jbell on DSK3GLQ082PROD with NOTICES
FY2017
(10/2016–09/2017)
a cyber-related system in their Security
Vulnerability Assessment (SVA) or Site
Security Plan (SSP) information, CISA
may request the information covered
under this instrument during
interactions that occur during: (1)
Compliance Assistance Visits, (2)
Authorization Inspections, and (3) a
Compliance Inspections.11 Since
October 2016 CISA has performed 6,453
of these interactions at such facilities
and asked questions about assets at risk.
The results of these interactions and
number of times CISA asked questions
about assets at risk are provided in the
table below:12
FY2018
(10/2017–09/2018)
FY2019
(10/2018–02/2019)
Compliance Assistance Visits ........................................................................
Authorization Inspections ...............................................................................
Compliance Inspections .................................................................................
824
128
12 1066
1,444
875
1009
388
85
634
Subtotal ...................................................................................................
2,018
3,328
1,107
Total .................................................................................................
..................................
..................................
6,453
Comment: The commenter requested
information about how many facilities
voluntarily provided information to the
first section (i.e., Identification of
Facilities) and the second section (i.e.,
Assets at Risk) of the ‘‘Identification of
Additional Facilities and Assets at Risk’’
instrument.
Response: With respect to the first
section of the instrument (i.e.
Identification of Facilities),
approximately 15 facilities provided
information that identified other
facilities. With respect to the second
section (i.e., Assets at Risk), every
facility provided information about their
assets at risk.
Comment: The commenter requested
information about whether any data
provided in the ‘‘Assets at Risk’’ section
of the instrument had not been
previously provided in an approved
facility’s site security plan (SSP).
Response: CISA has found that the
information generally collected under
the section (Assets at Risk) is not
information previously provided in an
approved facility’s SSP or ASP. The
information collected through the
second section of the instrument
generally supplements the information
provided by covered chemical facilities
in their SSP or ASP. Information
collected through this instrument is
recorded in case files created by CISA
employees outside of the SSP or ASP
(e.g., Compliance Inspection Reports).
Comment: The commenter requested
information about the outcomes from
the information collected under the first
section (i.e. Identification of Facilities)
of this instrument. Specifically: (1) How
many of the facilities identified by CISA
through information collected from the
first section of this instrument had not
previously completed a Top Screen
submission; (2) Of those previously
unidentified facilities, how many
subsequently submitted Top-Screens;
and (3) Of those previously unidentified
facilities that submitted Top Screens,
how many were subsequently identified
as being at high-risk.
Response: CISA began routinely
requesting information under the first
section (i.e., Identification of Facilities)
of this instrument in 2018. Since then
CISA approximately 15 facilities
11 This information is not covered under the SSP
because the information is not subsequently
submitted through the CSAT SSP but rather
documented by an inspector or other appropriate
employee of CISA.
12 The data element used to determine whether or
not cyber questions were explicitly asked as a part
of compliance questions CISA is whether the data
from the SVA and SSP were auto-populated in
Compliance Inspection reports. This process began
during FY2016 and thus the estimate of 1066 is an
undercount of the total questions asked during the
FY.
13 The FY19 CFATS Outreach Implementation
Plan is required by the Protecting and Securing
Chemical Facilities from Terrorist Attacks Act of
2014 (the CFATS Act of 2014), Public Law 113–254
(6 U.S.C. 621 et seq.). The CFATS Act of 2014
directed the Department of Homeland Security,
among other provisions, to establish an outreach
implementation plan in coordination with the
heads of appropriate Federal and State agencies,
VerDate Sep<11>2014
17:46 May 06, 2019
Jkt 247001
PO 00000
Frm 00033
Fmt 4703
Sfmt 4703
responded to the request for
information, those that did respond
provided valuable data. CISA received
information on 172 facilities that had
not previously submitted Top-Screens.
CISA is currently working with those
facilities to determine if they are
required to submit a Top-Screen. As of
February 2019, from the 172 facilities
CISA has received 27 Top-Screens of
which 18 were subsequently determined
to be high-risk (i.e., 66%). CISA believes
that voluntarily supplied customer and
suppliers lists are an excellent source of
information to identify chemical
facilities of interest and covered
chemical facilities.
Comment: The commenter also asked
why this instrument was not mentioned
in the FY 2019 CFATS Outreach
Implementation Plan.13
Response: CISA did not include this
process, by which CISA could
potentially identify facilities, because of
the low response rate. CISA will
consider including it in the next
outreach plan.
relevant business associations, and public and
private stakeholders’ labor organizations in order to
identify chemical facilities of interest (CFOI) that
may be subject to regulations under CFATS and to
make available compliance assistance materials and
information on CFATS-related education and
training. The FY19 CFATS Outreach
Implementation Plan may be viewed at (https://
www.dhs.gov/publication/cfats-oip).
E:\FR\FM\07MYN1.SGM
07MYN1
19932
Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices
2. Analysis
CISA continues to rely on the analysis
and resulting burden estimates provided
in the 60-day notice for the: (1) TopScreen, (2) Security Vulnerability
Assessment (SVA) and Alternative
Security Plan (ASP) submitted in lieu of
an SVA, (3) SSP and ASP submitted in
lieu of an SSP, (4) CFATS Help Desk,
and (5) CSAT User Registration. CISA
has revised its analysis and resulting
burden estimates for the instrument,
‘‘Identification of Facilities and Assets
at Risk.’’ CISA’s analysis is described in
the next section.
CISA would also like to clarify the
scope and purpose of one aspect of the
CSAT User Registration instrument that
does not revise its burden estimate.
Specifically, that CISA uses the
Authorizer role in CSAT to send official
correspondence.
3. CISA’S Methodology in Estimating
the Burden for Identification of
Additional Facilities and Assets at Risk
Number of Respondents
The current information collection
estimated that each year 211
respondents would respond to this
instrument. In the 60-day notice, CISA
estimated that the annual number of
respondents to be 845. As a result of
public comment CISA has revised its
estimate in this notice from 845 to
3,426. This revised estimate is based
upon the sum of 845 respondents for the
first section of this instrument (see 60day notice for the basis of this estimate)
and 2,581 respondents for the second
section of this instrument. CISA
estimated 2,581 respondents for the
second section by annualizing the
number of interactions described earlier
in this notice since October of 2016 (i.e.,
2,581 = [6,453 respondents over a 2.5
year time span/2.5 years]).
jbell on DSK3GLQ082PROD with NOTICES
Estimated Time per Respondent
In the current information collection,
the estimated time per respondent is
0.17 hours (10 minutes). CISA believes
that this estimate is reasonable for either
the first or the second section of the
instrument. Therefore, in this ICR, CISA
maintains this estimate.
Annual Burden Hours
The annual burden estimate is 571
hours [ = 3,426 respondents × 1
response per respondent × 0.17 hours
per respondent].
Total Annual Burden Cost
CISA assumes that SSOs will be
responsible for providing this
information. Therefore, to estimate the
total annual burden, CISA multiplied
VerDate Sep<11>2014
16:24 May 06, 2019
Jkt 247001
the annual burden of 571 hours by the
average hourly compensation rate of
SSOs. The total annual burden for the
Identification of Additional Facilities
and Assets at Risk is $45,505 [ = 571
annual burden hours × $79.69 per hour].
Total Burden Cost (Capital/Startup)
In the current information collection,
CISA estimated a one-time capital cost
would be incurred by 3,000 respondents
as a result of the CSAT 2.0
implementation. These capital costs
were one-time costs for respondents and
therefore have been removed from this
information collection.
Total Recordkeeping Burden
There is no recordkeeping burden for
this instrument.
Public Participation
OMB is particularly interested in
comments that:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
whether the information will have
practical utility;
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques, or
other forms of information technology
(e.g., permitting electronic submissions
of responses).
Analysis
Title of Collection: Chemical Security
Assessment Tool.
OMB Control Number: 1670–0007.
Instrument: Top-Screen.
Frequency: ‘‘On occasion’’ and
‘‘Other’’.
Affected Public: Business or other forprofit.
Annual Number of Respondents:
2,332 respondents (estimate).
Estimated Time per Respondent: 1.09
hours.
Total Annual Burden Hours: 2,553
hours.
Total Annual Burden Cost: $203,450.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden: $0
Instrument: Security Vulnerability
Assessment and Alternative Security
PO 00000
Frm 00034
Fmt 4703
Sfmt 4703
Program submitted in lieu of a Security
Vulnerability Assessment.
Frequency: ‘‘On occasion’’ and
‘‘Other.’’
Affected Public: Business or other forprofit.
Annual Number of Respondents:
1,683 respondents (estimate).
Estimated Time per Respondent: 1.24
hours.
Total Annual Burden Hours: 2,083
hours.
Total Annual Burden Cost: $166,028.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden: $0.
Instrument: Site Security Plan and
Alternative Security Program submitted
in lieu of a Site Security Plan.
Frequency: ‘‘On occasion’’ and
‘‘Other.’’
Affected Public: Business or other forprofit.
Annual Number of Respondents:
1,683 respondents (estimate).
Estimated Time per Respondent: 2.72
hours.
Total Annual Burden Hours: 4,582
hours.
Total Annual Burden Cost: $365,141.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden:
$516,825.
Instrument: CFATS Help Desk.
Frequency: ‘‘On occasion’’ and
‘‘Other.’’
Affected Public: Business or other forprofit.
Annual Number of Respondents:
15,000 respondents (estimate).
Estimated Time per Respondent: 0.17
hours.
Total Annual Burden Hours: 2,500
hours.
Total Annual Burden Cost: $199,233.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden: $0.
Instrument: User Registration.
Frequency: ‘‘On occasion’’ and
‘‘Other’’
Affected Public: Business or other forprofit.
Annual Number of Respondents:
1,000 respondents (estimate).
Estimated Time per Respondent: 2.5
hours.
Total Annual Burden Hours: 2,500
hours.
Total Annual Burden Cost: $199,233.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden: $0.
Instrument: Identification of Facilities
and Assets at Risk.
Frequency: ‘‘On occasion’’ and
‘‘Other.’’
E:\FR\FM\07MYN1.SGM
07MYN1
Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices
Affected Public: Business or other forprofit.
Annual Number of Respondents:
3,426 respondents (estimate).
Estimated Time per Respondent: 0.17
hours.
Total Annual Burden Hours: 571
hours.
Total Annual Burden Cost: $45,505.
Total Annual Burden Cost (capital/
startup): $0.
Total Recordkeeping Burden: $0.
Scott Libby,
Deputy Chief Information Officer.
[FR Doc. 2019–09319 Filed 5–6–19; 8:45 am]
BILLING CODE 9110–9P–P
DEPARTMENT OF HOUSING AND
URBAN DEVELOPMENT
[Docket No. FR–7011–N–17]
30-Day Notice of Proposed Information
Collection: Public Housing Operating
Subsidy—Appeals
Office of the Chief Information
Officer, HUD.
ACTION: Notice.
AGENCY:
HUD has submitted the
proposed information collection
requirement described below to the
Office of Management and Budget
(OMB) for review, in accordance with
the Paperwork Reduction Act. The
purpose of this notice is to allow for an
additional 30 days of public comment.
DATES: Comments Due Date: June 6,
2019.
SUMMARY:
Interested persons are
invited to submit comments regarding
this proposal. Comments should refer to
the proposal by name and/or OMB
Control Number and should be sent to:
HUD Desk Officer, Office of
Management and Budget, New
Executive Office Building, Washington,
DC 20503; fax: 202–395–5806. Email:
OIRA_Submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT:
Colette Pollard, Reports Management
Officer, QDAM, Department of Housing
and Urban Development, 451 7th Street
SW, Washington, DC 20410; email
Colette Pollard at Colette.Pollard@
hud.gov or telephone 202–402–3400.
Persons with hearing or speech
impairments may access this number
through TTY by calling the toll-free
Federal Relay Service at (800) 877–8339.
This is not a toll-free number. Copies of
available documents submitted to OMB
may be obtained from Ms. Pollard.
SUPPLEMENTARY INFORMATION: This
notice informs the public that HUD has
submitted to OMB a request for
jbell on DSK3GLQ082PROD with NOTICES
ADDRESSES:
VerDate Sep<11>2014
16:24 May 06, 2019
Jkt 247001
approval of the information collection
described in Section A. The Federal
Register notice that solicited public
comment on the information collection
for a period of 60 days was published
on February 20, 2019 at 84 FR 5103.
A. Overview of Information Collection
Title of Information Collection: Public
Housing Operating Subsidy—Appeals.
OMB Approval Number: 2577–0246.
Type of Request: Extension of a
currently approved collection.
Form Number: N/A.
Description of the need for the
information and proposed use: Under
the operating fund rule, PHAs that elect
to file an appeal of their subsidy
amounts are required to meet the appeal
requirements set forth in subpart G of
the rule. There are four grounds of
appeal in 24 CFR 990.245 under which
PHAs may appeal the amount of their
subsidy. They are a streamlined appeal;
an appeal for specific local conditions;
an appeal for changing market
conditions; and an appeal to substitute
actual project cost data. To appeal the
amount of subsidy on any one of these
permitted bases, PHAs must submit a
written appeal request to HUD.
Respondents: State, Local or Tribal
Government.
Estimated Number of Respondents:
105.
Estimated Number of Responses: 105.
Frequency of Response: 1.
Average Hours per Response: 19.51.
Total Estimated Burdens: 2,048.55.
B. Solicitation of Public Comment
This notice is soliciting comments
from members of the public and affected
parties concerning the collection of
information described in Section A on
the following:
(1) Whether the proposed collection
of information is necessary for the
proper performance of the functions of
the agency, including whether the
information will have practical utility;
(2) The accuracy of the agency’s
estimate of the burden of the proposed
collection of information;
(3) Ways to enhance the quality,
utility, and clarity of the information to
be collected; and
(4) Ways to minimize the burden of
the collection of information on those
who are to respond; including through
the use of appropriate automated
collection techniques or there forms of
information technology, e.g., permitting
electronic submission of responses.
HUD encourages interested parties to
submit comment in response to these
questions.
Authority: Section 3507 of the Paperwork
Reduction Act of 1995, 44 U.S.C. Chapter 35.
PO 00000
Frm 00035
Fmt 4703
Sfmt 4703
19933
Dated: April 25, 2019.
Colette Pollard,
Department Reports Management Officer,
Office of the Chief Information Officer.
[FR Doc. 2019–09358 Filed 5–6–19; 8:45 am]
BILLING CODE 4210–67–P
DEPARTMENT OF HOUSING AND
URBAN DEVELOPMENT
[Docket No. FR–7011–N–18]
30-Day Notice of Proposed Information
Collection: Public Housing Operating
Fund Program: Operating Budget and
Related Form
Office of the Chief Information
Officer, HUD.
ACTION: Notice.
AGENCY:
HUD has submitted the
proposed information collection
requirement described below to the
Office of Management and Budget
(OMB) for review, in accordance with
the Paperwork Reduction Act. The
purpose of this notice is to allow for an
additional 30 days of public comment.
DATES: Comments Due Date: June 6,
2019.
ADDRESSES: Interested persons are
invited to submit comments regarding
this proposal. Comments should refer to
the proposal by name and/or OMB
Control Number and should be sent to:
HUD Desk Officer, Office of
Management and Budget, New
Executive Office Building, Washington,
DC 20503; fax: 202–395–5806. Email:
OIRA_Submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT:
Colette Pollard, Reports Management
Officer, QDAM, Department of Housing
and Urban Development, 451 7th Street
SW, Washington, DC 20410; email
Colette Pollard at Colette.Pollard@
hud.gov or telephone 202–402–3400.
Persons with hearing or speech
impairments may access this number
through TTY by calling the toll-free
Federal Relay Service at (800) 877–8339.
This is not a toll-free number. Copies of
available documents submitted to OMB
may be obtained from Ms. Pollard.
SUPPLEMENTARY INFORMATION: This
notice informs the public that HUD has
submitted to OMB a request for
approval of the information collection
described in Section A. The Federal
Register notice that solicited public
comment on the information collection
for a period of 60 days was published
on February 20, 2019 at 84 FR 5104.
SUMMARY:
A. Overview of Information Collection
Title of Information Collection: Public
Housing Operating Subsidy—Appeals.
E:\FR\FM\07MYN1.SGM
07MYN1
]]>Agencies
[Federal Register Volume 84, Number 88 (Tuesday, May 7, 2019)]
[Notices]
[Pages 19929-19933]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-09319]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. DHS-2018-0068]
Chemical Security Assessment Tool (CSAT)
AGENCY: Infrastructure Security Division (ISD), Cybersecurity and
Infrastructure Security Agency (CISA), Department of Homeland Security
(DHS).
ACTION: 30-Day notice and request for comments; revision of information
collection.
-----------------------------------------------------------------------
SUMMARY: DHS CISA ISD will submit the following Information Collection
Request (ICR) to the Office of Management and Budget (OMB) for review
and clearance in accordance with the Paperwork Reduction Act of 1995.
CISA previously published this ICR, in the Federal Register on February
7, 2019, for a 60-day comment period. In this notice, CISA: (1)
Responds to one commenter that submitted multiple comments in response
to the 60-day
[[Page 19930]]
notice, (2) revises the burden associated with an instrument, and (3)
solicits public comment concerning this ICR for an additional 30-days.
DATES: Comments are due by June 6, 2019.
ADDRESSES: Interested persons are invited to submit written comments on
the proposed information collection to the Office of Information and
Regulatory Affairs, OMB. Comments should be addressed to OMB Desk
Officer, Department of Homeland Security, Cybersecurity and
Infrastructure Security Agency and sent via electronic mail to
[email protected]. All submissions must include the words
``Department of Homeland Security'' and the OMB Control Number 1670-
0007--Chemical Security Assessment Tool.
Comments submitted in response to this notice may be made available
to the public through relevant websites. For this reason, please do not
include in your comments information of a confidential nature, such as
sensitive personal information or proprietary information. Please note
that responses to this public comment request containing any routine
notice about the confidentiality of the communication will be treated
as public comments that may be made available to the public
notwithstanding the inclusion of the routine notice.
Comments that include trade secrets, confidential commercial or
financial information, Chemical-terrorism Vulnerability Information
(CVI),\1\ Sensitive Security Information (SSI),\2\ or Protected
Critical Infrastructure Information (PCII) \3\ should not be submitted
to the public docket. Comments containing trade secrets, confidential
commercial or financial information, CVI, SSI, or PCII should be
appropriately marked and packaged in accordance with applicable
requirements and submitted by mail to the DHS/CISA/Infrastructure
Security Division, CFATS Program Manager, 245 Murray Lane SW, Mail Stop
0610, Arlington, VA 20528-0610. The Department will forward all
comments received by the submission deadline to the OMB Desk Officer.
---------------------------------------------------------------------------
\1\ For more information about CVI see 6 CFR 27.400 and the CVI
Procedural Manual at www.dhs.gov/publication/safeguarding-cvi-manual.
\2\ For more information about SSI see 49 CFR part 1520 and the
SSI Program web page at www.tsa.gov/for-industry/sensitive-security-information.
\3\ For more information about PCII see 6 CFR part 29 and the
PCII Program web page at www.dhs.gov/pcii-program.
FOR FURTHER INFORMATION CONTACT: Craig Conklin, 703-235-5263,
_____________________________________-
[email protected].
SUPPLEMENTARY INFORMATION: The CFATS Program identifies and regulates
the security of high-risk chemical facilities using a risk-based
approach. Congress initially authorized the CFATS Program under Section
550 of the Department of Homeland Security Appropriations Act of 2007,
Public Law 109-295 (2006). Congress reauthorized the CFATS Program for
an additional five years and three months under the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of 2014 and the
Chemical Facility Anti-Terrorism Standards Program Extension Act.\4\
The Department implemented the CFATS Program through rulemaking and
issued an Interim Final Rule (IFR) on April 9, 2007 and a final rule on
November 20, 2007. See 72 FR 17688 and 72 FR 65396.
---------------------------------------------------------------------------
\4\ The CFATS Act of 2014 codified the CFATS program into the
Homeland Security Act of 2002. See 6 U.S.C. 621 et seq.; see also
The Chemical Facility Anti-Terrorism Standards Program Extension
Act. Public Law 116-2 (2019).
---------------------------------------------------------------------------
CISA\5\ collects the core regulatory data necessary to implement
CFATS through the Chemical Security Assessment Tool (CSAT) covered
under this collection. For more information about CFATS and CSAT,
please visit www.dhs.gov/chemicalsecurity. This information collection
(OMB Control No. 1670-0007) will expire on July 31, 2019.\6\
---------------------------------------------------------------------------
\5\ Pursuant to the Cybersecurity and Infrastructure Security
Agency Act of 2018, the National Protection and Program Directorate
(NPPD) was re-designated as CISA. See 6 U.S.C. 652.
\6\ The currently approved version of this information
collection (OMB Control No. 1670-0007) can be viewed at https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201604-1670-001.
---------------------------------------------------------------------------
1. Responses to Comments Submitted During 60-Day Comment Period
In response to the 60-day notice \7\ that solicited comments, CISA
received several comments from a single commenter related to the
instrument, ``Identification of Facilities and Assets at Risk.'' \8\
---------------------------------------------------------------------------
\7\ The 60-day notice for this ICR was published on February 7,
2019 at 84 FR 2558. The notice may be viewed at https://www.federalregister.gov/d/2019-01378.
\8\ The comment may be viewed at https://www.regulations.gov/document?D=DHS-2018-0068-0002.
---------------------------------------------------------------------------
Comment: The commenter believed that CISA had not provided
sufficient information in the 60-day notice to allow adequate comment
about the instrument, ``Identification of Additional Facilities and
Assets at Risk.'' The commenter referenced the existing instrument \9\
and described the two sections within the instrument.
---------------------------------------------------------------------------
\9\ The instrument ``Identification of Additional Facilities and
Assets at Risk'' in the currently approved information collection
may be viewed at https://www.reginfo.gov/public/do/DownloadDocument?objectID=66215302.
---------------------------------------------------------------------------
The first section of the current instrument is titled,
``Identification of Facilities'' and collects information on a
voluntary basis when a facility ships and/or receives Chemicals of
Interest (COI). The instrument collects: (1) Shipping and/or receiving
procedures, (2) Invoices and receipts, and (3) Company names and
locations that COI is shipped to and/or received from.
The second section is titled, ``Assets at Risk'' and collects
information on a voluntary basis when the facility identifies a
Supervisory Control and Data Acquisition (SCADA), Distributed Control
System (DCS), Process Control Systems (PCS), or Industrial Control
Systems (ICS). Specifically, the instrument collects information about:
(1) Details on the system(s) that controls, monitors, and/or manages
small to large production systems as well as how the system(s)
operates; and (2) If it is standalone or connected to other systems or
networks and document the specific brand and name of the system(s).
The commenter reviewed the current instrument and noticed that
CISA's estimates about the number of respondents related to only the
first section of the current instrument (i.e. Identification of
Facilities). Specifically, in the 60-day notice, CISA stated:
The current information collection estimated that each year 211
respondents would respond to this instrument. For this ICR, CISA
estimates that the annual number of respondents will be 845, because
CISA only requests this information from covered chemical facilities
that undergo compliance inspections and ship chemicals of interest
(COI). CISA completes approximately 1,920 compliance inspections per
year. Of these, approximately 44 percent of the covered chemical
facilities inspected ship COI. Therefore, CISA estimates 845
respondents for this instrument [= 1,920 facilities inspected x 44
percent of facilities ship COI].\10\
\10\ This quote is from the 60-day Federal Register Notice at 84
FR 2563 (Feb. 7, 2019).
The commenter concluded that CISA, based on the description
provided in the 60-day notice about how the number of respondents was
derived, could be seeking to revise the instrument and remove the
second section (i.e., Assets at Risk).
Response: CISA is not seeking to remove the Assets at Risk portion
of the instrument. As a result of the commenter's questions CISA
realized that it had omitted accounting for the burden associated with
the second section (i.e., Assets at Risk) within the instrument.
Therefore, CISA has revised
[[Page 19931]]
its estimates for this instrument in Part 2 (Analysis) of this notice.
Comment: The commenter requested information on how many facilities
provided responses to the first section (i.e., Identification of
Facilities) and the second section (i.e., Assets at Risk) of the
``Identification of Additional Facilities and Assets at Risk''
instrument. The commenter also requested the criteria CISA used to
select which facilities were requested information under the second
section of the instrument.
Response: With respect to the first section of the instrument (i.e.
Identification of Facilities), as discussed in the 60-day notice, CISA
collects information under the first section of this instrument when
conducting inspections at facilities that ship and/or receive COI. As
described in the 60-day notice, CISA completes approximately 1,920
compliance inspections per year. Of these, approximately 44 percent of
the covered chemical facilities inspected ship COI. Therefore, CISA
estimates 845 facilities were asked to identify facilities.
With respect to the second section of the instrument (i.e., Assets
at Risk), if a covered chemical facility has identified a cyber-related
system in their Security Vulnerability Assessment (SVA) or Site
Security Plan (SSP) information, CISA may request the information
covered under this instrument during interactions that occur during:
(1) Compliance Assistance Visits, (2) Authorization Inspections, and
(3) a Compliance Inspections.\11\ Since October 2016 CISA has performed
6,453 of these interactions at such facilities and asked questions
about assets at risk. The results of these interactions and number of
times CISA asked questions about assets at risk are provided in the
table below:\12\
---------------------------------------------------------------------------
\11\ This information is not covered under the SSP because the
information is not subsequently submitted through the CSAT SSP but
rather documented by an inspector or other appropriate employee of
CISA.
\12\ The data element used to determine whether or not cyber
questions were explicitly asked as a part of compliance questions
CISA is whether the data from the SVA and SSP were auto-populated in
Compliance Inspection reports. This process began during FY2016 and
thus the estimate of 1066 is an undercount of the total questions
asked during the FY.
----------------------------------------------------------------------------------------------------------------
FY2017 (10/2016-09/ FY2018 (10/2017-09/ FY2019 (10/2018-02/
2017) 2018) 2019)
----------------------------------------------------------------------------------------------------------------
Compliance Assistance Visits..................... 824 1,444 388
Authorization Inspections........................ 128 875 85
Compliance Inspections........................... \12\ 1066 1009 634
--------------------------------------------------------------
Subtotal..................................... 2,018 3,328 1,107
--------------------------------------------------------------
Total.................................... ................... ................... 6,453
----------------------------------------------------------------------------------------------------------------
Comment: The commenter requested information about how many
facilities voluntarily provided information to the first section (i.e.,
Identification of Facilities) and the second section (i.e., Assets at
Risk) of the ``Identification of Additional Facilities and Assets at
Risk'' instrument.
Response: With respect to the first section of the instrument (i.e.
Identification of Facilities), approximately 15 facilities provided
information that identified other facilities. With respect to the
second section (i.e., Assets at Risk), every facility provided
information about their assets at risk.
Comment: The commenter requested information about whether any data
provided in the ``Assets at Risk'' section of the instrument had not
been previously provided in an approved facility's site security plan
(SSP).
Response: CISA has found that the information generally collected
under the section (Assets at Risk) is not information previously
provided in an approved facility's SSP or ASP. The information
collected through the second section of the instrument generally
supplements the information provided by covered chemical facilities in
their SSP or ASP. Information collected through this instrument is
recorded in case files created by CISA employees outside of the SSP or
ASP (e.g., Compliance Inspection Reports).
Comment: The commenter requested information about the outcomes
from the information collected under the first section (i.e.
Identification of Facilities) of this instrument. Specifically: (1) How
many of the facilities identified by CISA through information collected
from the first section of this instrument had not previously completed
a Top Screen submission; (2) Of those previously unidentified
facilities, how many subsequently submitted Top-Screens; and (3) Of
those previously unidentified facilities that submitted Top Screens,
how many were subsequently identified as being at high-risk.
Response: CISA began routinely requesting information under the
first section (i.e., Identification of Facilities) of this instrument
in 2018. Since then CISA approximately 15 facilities responded to the
request for information, those that did respond provided valuable data.
CISA received information on 172 facilities that had not previously
submitted Top-Screens. CISA is currently working with those facilities
to determine if they are required to submit a Top-Screen. As of
February 2019, from the 172 facilities CISA has received 27 Top-Screens
of which 18 were subsequently determined to be high-risk (i.e., 66%).
CISA believes that voluntarily supplied customer and suppliers lists
are an excellent source of information to identify chemical facilities
of interest and covered chemical facilities.
Comment: The commenter also asked why this instrument was not
mentioned in the FY 2019 CFATS Outreach Implementation Plan.\13\
---------------------------------------------------------------------------
\13\ The FY19 CFATS Outreach Implementation Plan is required by
the Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014 (the CFATS Act of 2014), Public Law 113-254 (6
U.S.C. 621 et seq.). The CFATS Act of 2014 directed the Department
of Homeland Security, among other provisions, to establish an
outreach implementation plan in coordination with the heads of
appropriate Federal and State agencies, relevant business
associations, and public and private stakeholders' labor
organizations in order to identify chemical facilities of interest
(CFOI) that may be subject to regulations under CFATS and to make
available compliance assistance materials and information on CFATS-
related education and training. The FY19 CFATS Outreach
Implementation Plan may be viewed at (https://www.dhs.gov/publication/cfats-oip).
---------------------------------------------------------------------------
Response: CISA did not include this process, by which CISA could
potentially identify facilities, because of the low response rate. CISA
will consider including it in the next outreach plan.
[[Page 19932]]
2. Analysis
CISA continues to rely on the analysis and resulting burden
estimates provided in the 60-day notice for the: (1) Top-Screen, (2)
Security Vulnerability Assessment (SVA) and Alternative Security Plan
(ASP) submitted in lieu of an SVA, (3) SSP and ASP submitted in lieu of
an SSP, (4) CFATS Help Desk, and (5) CSAT User Registration. CISA has
revised its analysis and resulting burden estimates for the instrument,
``Identification of Facilities and Assets at Risk.'' CISA's analysis is
described in the next section.
CISA would also like to clarify the scope and purpose of one aspect
of the CSAT User Registration instrument that does not revise its
burden estimate. Specifically, that CISA uses the Authorizer role in
CSAT to send official correspondence.
3. CISA'S Methodology in Estimating the Burden for Identification of
Additional Facilities and Assets at Risk
Number of Respondents
The current information collection estimated that each year 211
respondents would respond to this instrument. In the 60-day notice,
CISA estimated that the annual number of respondents to be 845. As a
result of public comment CISA has revised its estimate in this notice
from 845 to 3,426. This revised estimate is based upon the sum of 845
respondents for the first section of this instrument (see 60-day notice
for the basis of this estimate) and 2,581 respondents for the second
section of this instrument. CISA estimated 2,581 respondents for the
second section by annualizing the number of interactions described
earlier in this notice since October of 2016 (i.e., 2,581 = [6,453
respondents over a 2.5 year time span/2.5 years]).
Estimated Time per Respondent
In the current information collection, the estimated time per
respondent is 0.17 hours (10 minutes). CISA believes that this estimate
is reasonable for either the first or the second section of the
instrument. Therefore, in this ICR, CISA maintains this estimate.
Annual Burden Hours
The annual burden estimate is 571 hours [ = 3,426 respondents x 1
response per respondent x 0.17 hours per respondent].
Total Annual Burden Cost
CISA assumes that SSOs will be responsible for providing this
information. Therefore, to estimate the total annual burden, CISA
multiplied the annual burden of 571 hours by the average hourly
compensation rate of SSOs. The total annual burden for the
Identification of Additional Facilities and Assets at Risk is $45,505 [
= 571 annual burden hours x $79.69 per hour].
Total Burden Cost (Capital/Startup)
In the current information collection, CISA estimated a one-time
capital cost would be incurred by 3,000 respondents as a result of the
CSAT 2.0 implementation. These capital costs were one-time costs for
respondents and therefore have been removed from this information
collection.
Total Recordkeeping Burden
There is no recordkeeping burden for this instrument.
Public Participation
OMB is particularly interested in comments that:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques,
or other forms of information technology (e.g., permitting electronic
submissions of responses).
Analysis
Title of Collection: Chemical Security Assessment Tool.
OMB Control Number: 1670-0007.
Instrument: Top-Screen.
Frequency: ``On occasion'' and ``Other''.
Affected Public: Business or other for-profit.
Annual Number of Respondents: 2,332 respondents (estimate).
Estimated Time per Respondent: 1.09 hours.
Total Annual Burden Hours: 2,553 hours.
Total Annual Burden Cost: $203,450.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0
Instrument: Security Vulnerability Assessment and Alternative
Security Program submitted in lieu of a Security Vulnerability
Assessment.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Annual Number of Respondents: 1,683 respondents (estimate).
Estimated Time per Respondent: 1.24 hours.
Total Annual Burden Hours: 2,083 hours.
Total Annual Burden Cost: $166,028.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Instrument: Site Security Plan and Alternative Security Program
submitted in lieu of a Site Security Plan.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Annual Number of Respondents: 1,683 respondents (estimate).
Estimated Time per Respondent: 2.72 hours.
Total Annual Burden Hours: 4,582 hours.
Total Annual Burden Cost: $365,141.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $516,825.
Instrument: CFATS Help Desk.
Frequency: ``On occasion'' and ``Other.''
Affected Public: Business or other for-profit.
Annual Number of Respondents: 15,000 respondents (estimate).
Estimated Time per Respondent: 0.17 hours.
Total Annual Burden Hours: 2,500 hours.
Total Annual Burden Cost: $199,233.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Instrument: User Registration.
Frequency: ``On occasion'' and ``Other''
Affected Public: Business or other for-profit.
Annual Number of Respondents: 1,000 respondents (estimate).
Estimated Time per Respondent: 2.5 hours.
Total Annual Burden Hours: 2,500 hours.
Total Annual Burden Cost: $199,233.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Instrument: Identification of Facilities and Assets at Risk.
Frequency: ``On occasion'' and ``Other.''
[[Page 19933]]
Affected Public: Business or other for-profit.
Annual Number of Respondents: 3,426 respondents (estimate).
Estimated Time per Respondent: 0.17 hours.
Total Annual Burden Hours: 571 hours.
Total Annual Burden Cost: $45,505.
Total Annual Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Scott Libby,
Deputy Chief Information Officer.
[FR Doc. 2019-09319 Filed 5-6-19; 8:45 am]
BILLING CODE 9110-9P-P
