Chemical Security Assessment Tool (CSAT), 19929-19933 [2019-09319]

Download as PDF Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices The public meeting will be held at the Woodrow Wilson International Center for Scholars (‘‘Wilson Center’’), located at 1300 Pennsylvania Avenue NW, Washington, DC 20004. All visitors will be processed through the lobby of the Wilson Center. For information on facilities or services for individuals with disabilities, or to request special assistance at the meeting, contact Mike Miron at HSAC@ hq.dhs.gov or (202) 447–3135 as soon as possible. Written public comments prior to the meeting must be received by 5:00 p.m. EDT on Friday, May 17, 2018, and must be identified by Docket No. DHS– 2019–0011. Written public comments after the meeting must be identified by Docket No. DHS–2019–0011 and may be submitted by one of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Email: HSAC@hq.dhs.gov. Include Docket No. DHS–2019–0011 in the subject line of the message. • Fax: (202) 282–9207. Include Mike Miron and the Docket No. DHS–2019– 0011 in the subject line of the message. • Mail: Mike Miron, Deputy Executive Director of Homeland Security Advisory Council, Office of Partnership and Engagement, Mailstop 0385, Department of Homeland Security, 2707 Martin Luther King Jr Ave. SE, Washington, DC 20528. Instructions: All submissions received must include the words ‘‘Department of Homeland Security’’ and ‘‘DHS–2019– 0011,’’ the docket number for this action. Comments received will be posted without alteration at https:// www.regulations.gov, including any personal information provided. Docket: For access to the docket to read comments received by the Council, go to https://www.regulations.gov, search ‘‘DHS–2019–0011,’’ ‘‘Open Docket Folder’’ and provide your comments. FOR FURTHER INFORMATION CONTACT: Mike Miron at HSAC@hq.dhs.gov or at (202) 447–3135. SUPPLEMENTARY INFORMATION: Notice of this meeting is given under Section 10(a) of the Federal Advisory Committee Act (FACA), Public Law 92–463 (5 U.S.C. Appendix), which requires each FACA committee meeting to be open to the public. The Council provides organizationally independent, strategic, timely, specific, actionable advice, and recommendations to the Secretary of Homeland Security on matters related to homeland security. The Council is comprised of leaders of local law enforcement, first responders, Federal, jbell on DSK3GLQ082PROD with NOTICES ADDRESSES: VerDate Sep<11>2014 16:24 May 06, 2019 Jkt 247001 State, and local government, the private sector, and academia. The Council will meet in an open session between 1:00 p.m. to 3:30 p.m. EDT. The Council will swear in new members, they will receive an update from the Families and Children Care Panel subcommittee, and review and deliberate on reports from the; State, Local, Tribal, and Territorial Cybersecurity; Emerging Technologies; and Countering Foreign Influence subcommittees. Following this, there will be a break for public commentary. The Council will meet in a closed session from 8:45 a.m. to 12:50 p.m. EDT to receive sensitive operational information from senior officials on current counterterrorism threats, border security, aviation security, and cybersecurity. Basis for Partial Closure: In accordance with Section 10(d) of FACA, the Secretary of Homeland Security has determined this meeting requires partial closure. The disclosure of the information relayed would be detrimental to the public interest for the following reasons: The Council will receive closed session briefings at the For Official Use Only and Law Enforcement sensitive information from senior officials. These briefings will concern matters sensitive to homeland security within the meaning of 5 U.S.C. 552b(c)(7)(E) and 552b(c)(9)(B). The Council will receive operational counterterrorism updates on the current threat environment and security measures associated with countering such threats, including those related to aviation security programs, border security, immigration enforcement, and cybersecurity. The session is closed under 5 U.S.C. 552b(c)(7)(E) because disclosure of that information could reveal investigative techniques and procedures not generally available to the public, allowing terrorists and those with interests against the United States to circumvent the law and thwart the Department’s strategic initiatives. Specifically, there will be material presented during the briefings regarding the latest viable threats against the United States and how DHS and other Federal agencies plan to address those threats. Disclosure of this information could frustrate the successful implementation of protective measures designed to keep our country safe. In addition, the session is closed pursuant to 5 U.S.C. 552b(c)(9)(B) because disclosure of these techniques and procedures could frustrate the successful implementation of protective measures designed to keep our country safe. PO 00000 Frm 00031 Fmt 4703 Sfmt 4703 19929 Participation: Members of the public will have until 5:00 p.m. EDT on Friday, May 17, 2019, to register to attend the Council meeting on Tuesday, May 21, 2019. Due to limited availability of seating, admittance will be on a firstcome first-serve basis. Participants interested in attending the meeting can contact Mike Miron at HSAC@ hq.dhs.gov or (202) 447–3135. You are required to provide your full legal name, date of birth, and company/agency affiliation. The public may access the facility via public transportation or use the public parking garages located near the Fashion Centre at Pentagon City. Members of the public will meet at 12:30 p.m. EDT at the lobby of the Wilson Center. Late arrivals after 1:00 p.m. EDT will not be permitted access to the facility. Facility Access: You are required to present a valid original government issued ID, to include a State Driver’s License or Non-Driver’s Identification Card, U.S. Government Common Access Card (CAC), Military Identification Card or Person Identification Verification Card; U.S. Passport, U.S. Border Crossing Card, Permanent Resident Card or Alien Registration Card; or Native American Tribal Document. Dated: April 29, 2019. Matthew Hayden, Executive Director, Homeland Security Advisory Council, Department of Homeland Security. [FR Doc. 2019–09318 Filed 5–6–19; 8:45 am] BILLING CODE 9110–9B–P DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS–2018–0068] Chemical Security Assessment Tool (CSAT) Infrastructure Security Division (ISD), Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS). ACTION: 30-Day notice and request for comments; revision of information collection. AGENCY: DHS CISA ISD will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. CISA previously published this ICR, in the Federal Register on February 7, 2019, for a 60-day comment period. In this notice, CISA: (1) Responds to one commenter that submitted multiple comments in response to the 60-day SUMMARY: E:\FR\FM\07MYN1.SGM 07MYN1 19930 Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices jbell on DSK3GLQ082PROD with NOTICES notice, (2) revises the burden associated with an instrument, and (3) solicits public comment concerning this ICR for an additional 30-days. DATES: Comments are due by June 6, 2019. ADDRESSES: Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, OMB. Comments should be addressed to OMB Desk Officer, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency and sent via electronic mail to dhsdeskofficer@omb.eop.gov. All submissions must include the words ‘‘Department of Homeland Security’’ and the OMB Control Number 1670– 0007—Chemical Security Assessment Tool. Comments submitted in response to this notice may be made available to the public through relevant websites. For this reason, please do not include in your comments information of a confidential nature, such as sensitive personal information or proprietary information. Please note that responses to this public comment request containing any routine notice about the confidentiality of the communication will be treated as public comments that may be made available to the public notwithstanding the inclusion of the routine notice. Comments that include trade secrets, confidential commercial or financial information, Chemical-terrorism Vulnerability Information (CVI),1 Sensitive Security Information (SSI),2 or Protected Critical Infrastructure Information (PCII) 3 should not be submitted to the public docket. Comments containing trade secrets, confidential commercial or financial information, CVI, SSI, or PCII should be appropriately marked and packaged in accordance with applicable requirements and submitted by mail to the DHS/CISA/Infrastructure Security Division, CFATS Program Manager, 245 Murray Lane SW, Mail Stop 0610, Arlington, VA 20528–0610. The Department will forward all comments received by the submission deadline to the OMB Desk Officer. FOR FURTHER INFORMATION CONTACT: Craig Conklin, 703–235–5263, cfats@ hq.dhs.gov. 1 For more information about CVI see 6 CFR 27.400 and the CVI Procedural Manual at www.dhs.gov/publication/safeguarding-cvi-manual. 2 For more information about SSI see 49 CFR part 1520 and the SSI Program web page at www.tsa.gov/ for-industry/sensitive-security-information. 3 For more information about PCII see 6 CFR part 29 and the PCII Program web page at www.dhs.gov/ pcii-program. VerDate Sep<11>2014 16:24 May 06, 2019 Jkt 247001 The CFATS Program identifies and regulates the security of high-risk chemical facilities using a risk-based approach. Congress initially authorized the CFATS Program under Section 550 of the Department of Homeland Security Appropriations Act of 2007, Public Law 109–295 (2006). Congress reauthorized the CFATS Program for an additional five years and three months under the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 and the Chemical Facility AntiTerrorism Standards Program Extension Act.4 The Department implemented the CFATS Program through rulemaking and issued an Interim Final Rule (IFR) on April 9, 2007 and a final rule on November 20, 2007. See 72 FR 17688 and 72 FR 65396. CISA5 collects the core regulatory data necessary to implement CFATS through the Chemical Security Assessment Tool (CSAT) covered under this collection. For more information about CFATS and CSAT, please visit www.dhs.gov/chemicalsecurity. This information collection (OMB Control No. 1670–0007) will expire on July 31, 2019.6 SUPPLEMENTARY INFORMATION: 1. Responses to Comments Submitted During 60-Day Comment Period In response to the 60-day notice 7 that solicited comments, CISA received several comments from a single commenter related to the instrument, ‘‘Identification of Facilities and Assets at Risk.’’ 8 Comment: The commenter believed that CISA had not provided sufficient information in the 60-day notice to allow adequate comment about the instrument, ‘‘Identification of Additional Facilities and Assets at Risk.’’ The commenter referenced the existing instrument 9 and described the two sections within the instrument. 4 The CFATS Act of 2014 codified the CFATS program into the Homeland Security Act of 2002. See 6 U.S.C. 621 et seq.; see also The Chemical Facility Anti-Terrorism Standards Program Extension Act. Public Law 116–2 (2019). 5 Pursuant to the Cybersecurity and Infrastructure Security Agency Act of 2018, the National Protection and Program Directorate (NPPD) was redesignated as CISA. See 6 U.S.C. 652. 6 The currently approved version of this information collection (OMB Control No. 1670– 0007) can be viewed at https://www.reginfo.gov/ public/do/PRAViewICR?ref_nbr=201604-1670-001. 7 The 60-day notice for this ICR was published on February 7, 2019 at 84 FR 2558. The notice may be viewed at https://www.federalregister.gov/d/201901378. 8 The comment may be viewed at https:// www.regulations.gov/document?D=DHS-2018-00680002. 9 The instrument ‘‘Identification of Additional Facilities and Assets at Risk’’ in the currently approved information collection may be viewed at PO 00000 Frm 00032 Fmt 4703 Sfmt 4703 The first section of the current instrument is titled, ‘‘Identification of Facilities’’ and collects information on a voluntary basis when a facility ships and/or receives Chemicals of Interest (COI). The instrument collects: (1) Shipping and/or receiving procedures, (2) Invoices and receipts, and (3) Company names and locations that COI is shipped to and/or received from. The second section is titled, ‘‘Assets at Risk’’ and collects information on a voluntary basis when the facility identifies a Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS), Process Control Systems (PCS), or Industrial Control Systems (ICS). Specifically, the instrument collects information about: (1) Details on the system(s) that controls, monitors, and/or manages small to large production systems as well as how the system(s) operates; and (2) If it is standalone or connected to other systems or networks and document the specific brand and name of the system(s). The commenter reviewed the current instrument and noticed that CISA’s estimates about the number of respondents related to only the first section of the current instrument (i.e. Identification of Facilities). Specifically, in the 60-day notice, CISA stated: The current information collection estimated that each year 211 respondents would respond to this instrument. For this ICR, CISA estimates that the annual number of respondents will be 845, because CISA only requests this information from covered chemical facilities that undergo compliance inspections and ship chemicals of interest (COI). CISA completes approximately 1,920 compliance inspections per year. Of these, approximately 44 percent of the covered chemical facilities inspected ship COI. Therefore, CISA estimates 845 respondents for this instrument [= 1,920 facilities inspected × 44 percent of facilities ship COI].10 The commenter concluded that CISA, based on the description provided in the 60-day notice about how the number of respondents was derived, could be seeking to revise the instrument and remove the second section (i.e., Assets at Risk). Response: CISA is not seeking to remove the Assets at Risk portion of the instrument. As a result of the commenter’s questions CISA realized that it had omitted accounting for the burden associated with the second section (i.e., Assets at Risk) within the instrument. Therefore, CISA has revised https://www.reginfo.gov/public/do/Download Document?objectID=66215302. 10 This quote is from the 60-day Federal Register Notice at 84 FR 2563 (Feb. 7, 2019). E:\FR\FM\07MYN1.SGM 07MYN1 19931 Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices its estimates for this instrument in Part 2 (Analysis) of this notice. Comment: The commenter requested information on how many facilities provided responses to the first section (i.e., Identification of Facilities) and the second section (i.e., Assets at Risk) of the ‘‘Identification of Additional Facilities and Assets at Risk’’ instrument. The commenter also requested the criteria CISA used to select which facilities were requested information under the second section of the instrument. Response: With respect to the first section of the instrument (i.e. Identification of Facilities), as discussed in the 60-day notice, CISA collects information under the first section of this instrument when conducting inspections at facilities that ship and/or receive COI. As described in the 60-day notice, CISA completes approximately 1,920 compliance inspections per year. Of these, approximately 44 percent of the covered chemical facilities inspected ship COI. Therefore, CISA estimates 845 facilities were asked to identify facilities. With respect to the second section of the instrument (i.e., Assets at Risk), if a covered chemical facility has identified jbell on DSK3GLQ082PROD with NOTICES FY2017 (10/2016–09/2017) a cyber-related system in their Security Vulnerability Assessment (SVA) or Site Security Plan (SSP) information, CISA may request the information covered under this instrument during interactions that occur during: (1) Compliance Assistance Visits, (2) Authorization Inspections, and (3) a Compliance Inspections.11 Since October 2016 CISA has performed 6,453 of these interactions at such facilities and asked questions about assets at risk. The results of these interactions and number of times CISA asked questions about assets at risk are provided in the table below:12 FY2018 (10/2017–09/2018) FY2019 (10/2018–02/2019) Compliance Assistance Visits ........................................................................ Authorization Inspections ............................................................................... Compliance Inspections ................................................................................. 824 128 12 1066 1,444 875 1009 388 85 634 Subtotal ................................................................................................... 2,018 3,328 1,107 Total ................................................................................................. .................................. .................................. 6,453 Comment: The commenter requested information about how many facilities voluntarily provided information to the first section (i.e., Identification of Facilities) and the second section (i.e., Assets at Risk) of the ‘‘Identification of Additional Facilities and Assets at Risk’’ instrument. Response: With respect to the first section of the instrument (i.e. Identification of Facilities), approximately 15 facilities provided information that identified other facilities. With respect to the second section (i.e., Assets at Risk), every facility provided information about their assets at risk. Comment: The commenter requested information about whether any data provided in the ‘‘Assets at Risk’’ section of the instrument had not been previously provided in an approved facility’s site security plan (SSP). Response: CISA has found that the information generally collected under the section (Assets at Risk) is not information previously provided in an approved facility’s SSP or ASP. The information collected through the second section of the instrument generally supplements the information provided by covered chemical facilities in their SSP or ASP. Information collected through this instrument is recorded in case files created by CISA employees outside of the SSP or ASP (e.g., Compliance Inspection Reports). Comment: The commenter requested information about the outcomes from the information collected under the first section (i.e. Identification of Facilities) of this instrument. Specifically: (1) How many of the facilities identified by CISA through information collected from the first section of this instrument had not previously completed a Top Screen submission; (2) Of those previously unidentified facilities, how many subsequently submitted Top-Screens; and (3) Of those previously unidentified facilities that submitted Top Screens, how many were subsequently identified as being at high-risk. Response: CISA began routinely requesting information under the first section (i.e., Identification of Facilities) of this instrument in 2018. Since then CISA approximately 15 facilities 11 This information is not covered under the SSP because the information is not subsequently submitted through the CSAT SSP but rather documented by an inspector or other appropriate employee of CISA. 12 The data element used to determine whether or not cyber questions were explicitly asked as a part of compliance questions CISA is whether the data from the SVA and SSP were auto-populated in Compliance Inspection reports. This process began during FY2016 and thus the estimate of 1066 is an undercount of the total questions asked during the FY. 13 The FY19 CFATS Outreach Implementation Plan is required by the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (the CFATS Act of 2014), Public Law 113–254 (6 U.S.C. 621 et seq.). The CFATS Act of 2014 directed the Department of Homeland Security, among other provisions, to establish an outreach implementation plan in coordination with the heads of appropriate Federal and State agencies, VerDate Sep<11>2014 17:46 May 06, 2019 Jkt 247001 PO 00000 Frm 00033 Fmt 4703 Sfmt 4703 responded to the request for information, those that did respond provided valuable data. CISA received information on 172 facilities that had not previously submitted Top-Screens. CISA is currently working with those facilities to determine if they are required to submit a Top-Screen. As of February 2019, from the 172 facilities CISA has received 27 Top-Screens of which 18 were subsequently determined to be high-risk (i.e., 66%). CISA believes that voluntarily supplied customer and suppliers lists are an excellent source of information to identify chemical facilities of interest and covered chemical facilities. Comment: The commenter also asked why this instrument was not mentioned in the FY 2019 CFATS Outreach Implementation Plan.13 Response: CISA did not include this process, by which CISA could potentially identify facilities, because of the low response rate. CISA will consider including it in the next outreach plan. relevant business associations, and public and private stakeholders’ labor organizations in order to identify chemical facilities of interest (CFOI) that may be subject to regulations under CFATS and to make available compliance assistance materials and information on CFATS-related education and training. The FY19 CFATS Outreach Implementation Plan may be viewed at (https:// www.dhs.gov/publication/cfats-oip). E:\FR\FM\07MYN1.SGM 07MYN1 19932 Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices 2. Analysis CISA continues to rely on the analysis and resulting burden estimates provided in the 60-day notice for the: (1) TopScreen, (2) Security Vulnerability Assessment (SVA) and Alternative Security Plan (ASP) submitted in lieu of an SVA, (3) SSP and ASP submitted in lieu of an SSP, (4) CFATS Help Desk, and (5) CSAT User Registration. CISA has revised its analysis and resulting burden estimates for the instrument, ‘‘Identification of Facilities and Assets at Risk.’’ CISA’s analysis is described in the next section. CISA would also like to clarify the scope and purpose of one aspect of the CSAT User Registration instrument that does not revise its burden estimate. Specifically, that CISA uses the Authorizer role in CSAT to send official correspondence. 3. CISA’S Methodology in Estimating the Burden for Identification of Additional Facilities and Assets at Risk Number of Respondents The current information collection estimated that each year 211 respondents would respond to this instrument. In the 60-day notice, CISA estimated that the annual number of respondents to be 845. As a result of public comment CISA has revised its estimate in this notice from 845 to 3,426. This revised estimate is based upon the sum of 845 respondents for the first section of this instrument (see 60day notice for the basis of this estimate) and 2,581 respondents for the second section of this instrument. CISA estimated 2,581 respondents for the second section by annualizing the number of interactions described earlier in this notice since October of 2016 (i.e., 2,581 = [6,453 respondents over a 2.5 year time span/2.5 years]). jbell on DSK3GLQ082PROD with NOTICES Estimated Time per Respondent In the current information collection, the estimated time per respondent is 0.17 hours (10 minutes). CISA believes that this estimate is reasonable for either the first or the second section of the instrument. Therefore, in this ICR, CISA maintains this estimate. Annual Burden Hours The annual burden estimate is 571 hours [ = 3,426 respondents × 1 response per respondent × 0.17 hours per respondent]. Total Annual Burden Cost CISA assumes that SSOs will be responsible for providing this information. Therefore, to estimate the total annual burden, CISA multiplied VerDate Sep<11>2014 16:24 May 06, 2019 Jkt 247001 the annual burden of 571 hours by the average hourly compensation rate of SSOs. The total annual burden for the Identification of Additional Facilities and Assets at Risk is $45,505 [ = 571 annual burden hours × $79.69 per hour]. Total Burden Cost (Capital/Startup) In the current information collection, CISA estimated a one-time capital cost would be incurred by 3,000 respondents as a result of the CSAT 2.0 implementation. These capital costs were one-time costs for respondents and therefore have been removed from this information collection. Total Recordkeeping Burden There is no recordkeeping burden for this instrument. Public Participation OMB is particularly interested in comments that: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; 3. Enhance the quality, utility, and clarity of the information to be collected; and 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques, or other forms of information technology (e.g., permitting electronic submissions of responses). Analysis Title of Collection: Chemical Security Assessment Tool. OMB Control Number: 1670–0007. Instrument: Top-Screen. Frequency: ‘‘On occasion’’ and ‘‘Other’’. Affected Public: Business or other forprofit. Annual Number of Respondents: 2,332 respondents (estimate). Estimated Time per Respondent: 1.09 hours. Total Annual Burden Hours: 2,553 hours. Total Annual Burden Cost: $203,450. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $0 Instrument: Security Vulnerability Assessment and Alternative Security PO 00000 Frm 00034 Fmt 4703 Sfmt 4703 Program submitted in lieu of a Security Vulnerability Assessment. Frequency: ‘‘On occasion’’ and ‘‘Other.’’ Affected Public: Business or other forprofit. Annual Number of Respondents: 1,683 respondents (estimate). Estimated Time per Respondent: 1.24 hours. Total Annual Burden Hours: 2,083 hours. Total Annual Burden Cost: $166,028. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $0. Instrument: Site Security Plan and Alternative Security Program submitted in lieu of a Site Security Plan. Frequency: ‘‘On occasion’’ and ‘‘Other.’’ Affected Public: Business or other forprofit. Annual Number of Respondents: 1,683 respondents (estimate). Estimated Time per Respondent: 2.72 hours. Total Annual Burden Hours: 4,582 hours. Total Annual Burden Cost: $365,141. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $516,825. Instrument: CFATS Help Desk. Frequency: ‘‘On occasion’’ and ‘‘Other.’’ Affected Public: Business or other forprofit. Annual Number of Respondents: 15,000 respondents (estimate). Estimated Time per Respondent: 0.17 hours. Total Annual Burden Hours: 2,500 hours. Total Annual Burden Cost: $199,233. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $0. Instrument: User Registration. Frequency: ‘‘On occasion’’ and ‘‘Other’’ Affected Public: Business or other forprofit. Annual Number of Respondents: 1,000 respondents (estimate). Estimated Time per Respondent: 2.5 hours. Total Annual Burden Hours: 2,500 hours. Total Annual Burden Cost: $199,233. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $0. Instrument: Identification of Facilities and Assets at Risk. Frequency: ‘‘On occasion’’ and ‘‘Other.’’ E:\FR\FM\07MYN1.SGM 07MYN1 Federal Register / Vol. 84, No. 88 / Tuesday, May 7, 2019 / Notices Affected Public: Business or other forprofit. Annual Number of Respondents: 3,426 respondents (estimate). Estimated Time per Respondent: 0.17 hours. Total Annual Burden Hours: 571 hours. Total Annual Burden Cost: $45,505. Total Annual Burden Cost (capital/ startup): $0. Total Recordkeeping Burden: $0. Scott Libby, Deputy Chief Information Officer. [FR Doc. 2019–09319 Filed 5–6–19; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR–7011–N–17] 30-Day Notice of Proposed Information Collection: Public Housing Operating Subsidy—Appeals Office of the Chief Information Officer, HUD. ACTION: Notice. AGENCY: HUD has submitted the proposed information collection requirement described below to the Office of Management and Budget (OMB) for review, in accordance with the Paperwork Reduction Act. The purpose of this notice is to allow for an additional 30 days of public comment. DATES: Comments Due Date: June 6, 2019. SUMMARY: Interested persons are invited to submit comments regarding this proposal. Comments should refer to the proposal by name and/or OMB Control Number and should be sent to: HUD Desk Officer, Office of Management and Budget, New Executive Office Building, Washington, DC 20503; fax: 202–395–5806. Email: OIRA_Submission@omb.eop.gov. FOR FURTHER INFORMATION CONTACT: Colette Pollard, Reports Management Officer, QDAM, Department of Housing and Urban Development, 451 7th Street SW, Washington, DC 20410; email Colette Pollard at Colette.Pollard@ hud.gov or telephone 202–402–3400. Persons with hearing or speech impairments may access this number through TTY by calling the toll-free Federal Relay Service at (800) 877–8339. This is not a toll-free number. Copies of available documents submitted to OMB may be obtained from Ms. Pollard. SUPPLEMENTARY INFORMATION: This notice informs the public that HUD has submitted to OMB a request for jbell on DSK3GLQ082PROD with NOTICES ADDRESSES: VerDate Sep<11>2014 16:24 May 06, 2019 Jkt 247001 approval of the information collection described in Section A. The Federal Register notice that solicited public comment on the information collection for a period of 60 days was published on February 20, 2019 at 84 FR 5103. A. Overview of Information Collection Title of Information Collection: Public Housing Operating Subsidy—Appeals. OMB Approval Number: 2577–0246. Type of Request: Extension of a currently approved collection. Form Number: N/A. Description of the need for the information and proposed use: Under the operating fund rule, PHAs that elect to file an appeal of their subsidy amounts are required to meet the appeal requirements set forth in subpart G of the rule. There are four grounds of appeal in 24 CFR 990.245 under which PHAs may appeal the amount of their subsidy. They are a streamlined appeal; an appeal for specific local conditions; an appeal for changing market conditions; and an appeal to substitute actual project cost data. To appeal the amount of subsidy on any one of these permitted bases, PHAs must submit a written appeal request to HUD. Respondents: State, Local or Tribal Government. Estimated Number of Respondents: 105. Estimated Number of Responses: 105. Frequency of Response: 1. Average Hours per Response: 19.51. Total Estimated Burdens: 2,048.55. B. Solicitation of Public Comment This notice is soliciting comments from members of the public and affected parties concerning the collection of information described in Section A on the following: (1) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) The accuracy of the agency’s estimate of the burden of the proposed collection of information; (3) Ways to enhance the quality, utility, and clarity of the information to be collected; and (4) Ways to minimize the burden of the collection of information on those who are to respond; including through the use of appropriate automated collection techniques or there forms of information technology, e.g., permitting electronic submission of responses. HUD encourages interested parties to submit comment in response to these questions. Authority: Section 3507 of the Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35. PO 00000 Frm 00035 Fmt 4703 Sfmt 4703 19933 Dated: April 25, 2019. Colette Pollard, Department Reports Management Officer, Office of the Chief Information Officer. [FR Doc. 2019–09358 Filed 5–6–19; 8:45 am] BILLING CODE 4210–67–P DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR–7011–N–18] 30-Day Notice of Proposed Information Collection: Public Housing Operating Fund Program: Operating Budget and Related Form Office of the Chief Information Officer, HUD. ACTION: Notice. AGENCY: HUD has submitted the proposed information collection requirement described below to the Office of Management and Budget (OMB) for review, in accordance with the Paperwork Reduction Act. The purpose of this notice is to allow for an additional 30 days of public comment. DATES: Comments Due Date: June 6, 2019. ADDRESSES: Interested persons are invited to submit comments regarding this proposal. Comments should refer to the proposal by name and/or OMB Control Number and should be sent to: HUD Desk Officer, Office of Management and Budget, New Executive Office Building, Washington, DC 20503; fax: 202–395–5806. Email: OIRA_Submission@omb.eop.gov. FOR FURTHER INFORMATION CONTACT: Colette Pollard, Reports Management Officer, QDAM, Department of Housing and Urban Development, 451 7th Street SW, Washington, DC 20410; email Colette Pollard at Colette.Pollard@ hud.gov or telephone 202–402–3400. Persons with hearing or speech impairments may access this number through TTY by calling the toll-free Federal Relay Service at (800) 877–8339. This is not a toll-free number. Copies of available documents submitted to OMB may be obtained from Ms. Pollard. SUPPLEMENTARY INFORMATION: This notice informs the public that HUD has submitted to OMB a request for approval of the information collection described in Section A. The Federal Register notice that solicited public comment on the information collection for a period of 60 days was published on February 20, 2019 at 84 FR 5104. SUMMARY: A. Overview of Information Collection Title of Information Collection: Public Housing Operating Subsidy—Appeals. E:\FR\FM\07MYN1.SGM 07MYN1

Agencies

[Federal Register Volume 84, Number 88 (Tuesday, May 7, 2019)]
[Notices]
[Pages 19929-19933]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-09319]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2018-0068]


Chemical Security Assessment Tool (CSAT)

AGENCY: Infrastructure Security Division (ISD), Cybersecurity and 
Infrastructure Security Agency (CISA), Department of Homeland Security 
(DHS).

ACTION: 30-Day notice and request for comments; revision of information 
collection.

-----------------------------------------------------------------------

SUMMARY: DHS CISA ISD will submit the following Information Collection 
Request (ICR) to the Office of Management and Budget (OMB) for review 
and clearance in accordance with the Paperwork Reduction Act of 1995. 
CISA previously published this ICR, in the Federal Register on February 
7, 2019, for a 60-day comment period. In this notice, CISA: (1) 
Responds to one commenter that submitted multiple comments in response 
to the 60-day

[[Page 19930]]

notice, (2) revises the burden associated with an instrument, and (3) 
solicits public comment concerning this ICR for an additional 30-days.

DATES: Comments are due by June 6, 2019.

ADDRESSES: Interested persons are invited to submit written comments on 
the proposed information collection to the Office of Information and 
Regulatory Affairs, OMB. Comments should be addressed to OMB Desk 
Officer, Department of Homeland Security, Cybersecurity and 
Infrastructure Security Agency and sent via electronic mail to 
[email protected]. All submissions must include the words 
``Department of Homeland Security'' and the OMB Control Number 1670-
0007--Chemical Security Assessment Tool.
    Comments submitted in response to this notice may be made available 
to the public through relevant websites. For this reason, please do not 
include in your comments information of a confidential nature, such as 
sensitive personal information or proprietary information. Please note 
that responses to this public comment request containing any routine 
notice about the confidentiality of the communication will be treated 
as public comments that may be made available to the public 
notwithstanding the inclusion of the routine notice.
    Comments that include trade secrets, confidential commercial or 
financial information, Chemical-terrorism Vulnerability Information 
(CVI),\1\ Sensitive Security Information (SSI),\2\ or Protected 
Critical Infrastructure Information (PCII) \3\ should not be submitted 
to the public docket. Comments containing trade secrets, confidential 
commercial or financial information, CVI, SSI, or PCII should be 
appropriately marked and packaged in accordance with applicable 
requirements and submitted by mail to the DHS/CISA/Infrastructure 
Security Division, CFATS Program Manager, 245 Murray Lane SW, Mail Stop 
0610, Arlington, VA 20528-0610. The Department will forward all 
comments received by the submission deadline to the OMB Desk Officer.
---------------------------------------------------------------------------

    \1\ For more information about CVI see 6 CFR 27.400 and the CVI 
Procedural Manual at www.dhs.gov/publication/safeguarding-cvi-manual.
    \2\ For more information about SSI see 49 CFR part 1520 and the 
SSI Program web page at www.tsa.gov/for-industry/sensitive-security-information.
    \3\ For more information about PCII see 6 CFR part 29 and the 
PCII Program web page at www.dhs.gov/pcii-program.

FOR FURTHER INFORMATION CONTACT: Craig Conklin, 703-235-5263, 
_____________________________________-
[email protected].

SUPPLEMENTARY INFORMATION: The CFATS Program identifies and regulates 
the security of high-risk chemical facilities using a risk-based 
approach. Congress initially authorized the CFATS Program under Section 
550 of the Department of Homeland Security Appropriations Act of 2007, 
Public Law 109-295 (2006). Congress reauthorized the CFATS Program for 
an additional five years and three months under the Protecting and 
Securing Chemical Facilities from Terrorist Attacks Act of 2014 and the 
Chemical Facility Anti-Terrorism Standards Program Extension Act.\4\ 
The Department implemented the CFATS Program through rulemaking and 
issued an Interim Final Rule (IFR) on April 9, 2007 and a final rule on 
November 20, 2007. See 72 FR 17688 and 72 FR 65396.
---------------------------------------------------------------------------

    \4\ The CFATS Act of 2014 codified the CFATS program into the 
Homeland Security Act of 2002. See 6 U.S.C. 621 et seq.; see also 
The Chemical Facility Anti-Terrorism Standards Program Extension 
Act. Public Law 116-2 (2019).
---------------------------------------------------------------------------

    CISA\5\ collects the core regulatory data necessary to implement 
CFATS through the Chemical Security Assessment Tool (CSAT) covered 
under this collection. For more information about CFATS and CSAT, 
please visit www.dhs.gov/chemicalsecurity. This information collection 
(OMB Control No. 1670-0007) will expire on July 31, 2019.\6\
---------------------------------------------------------------------------

    \5\ Pursuant to the Cybersecurity and Infrastructure Security 
Agency Act of 2018, the National Protection and Program Directorate 
(NPPD) was re-designated as CISA. See 6 U.S.C. 652.
    \6\ The currently approved version of this information 
collection (OMB Control No. 1670-0007) can be viewed at https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201604-1670-001.
---------------------------------------------------------------------------

1. Responses to Comments Submitted During 60-Day Comment Period

    In response to the 60-day notice \7\ that solicited comments, CISA 
received several comments from a single commenter related to the 
instrument, ``Identification of Facilities and Assets at Risk.'' \8\
---------------------------------------------------------------------------

    \7\ The 60-day notice for this ICR was published on February 7, 
2019 at 84 FR 2558. The notice may be viewed at https://www.federalregister.gov/d/2019-01378.
    \8\ The comment may be viewed at https://www.regulations.gov/document?D=DHS-2018-0068-0002.
---------------------------------------------------------------------------

    Comment: The commenter believed that CISA had not provided 
sufficient information in the 60-day notice to allow adequate comment 
about the instrument, ``Identification of Additional Facilities and 
Assets at Risk.'' The commenter referenced the existing instrument \9\ 
and described the two sections within the instrument.
---------------------------------------------------------------------------

    \9\ The instrument ``Identification of Additional Facilities and 
Assets at Risk'' in the currently approved information collection 
may be viewed at https://www.reginfo.gov/public/do/DownloadDocument?objectID=66215302.
---------------------------------------------------------------------------

    The first section of the current instrument is titled, 
``Identification of Facilities'' and collects information on a 
voluntary basis when a facility ships and/or receives Chemicals of 
Interest (COI). The instrument collects: (1) Shipping and/or receiving 
procedures, (2) Invoices and receipts, and (3) Company names and 
locations that COI is shipped to and/or received from.
    The second section is titled, ``Assets at Risk'' and collects 
information on a voluntary basis when the facility identifies a 
Supervisory Control and Data Acquisition (SCADA), Distributed Control 
System (DCS), Process Control Systems (PCS), or Industrial Control 
Systems (ICS). Specifically, the instrument collects information about: 
(1) Details on the system(s) that controls, monitors, and/or manages 
small to large production systems as well as how the system(s) 
operates; and (2) If it is standalone or connected to other systems or 
networks and document the specific brand and name of the system(s).
    The commenter reviewed the current instrument and noticed that 
CISA's estimates about the number of respondents related to only the 
first section of the current instrument (i.e. Identification of 
Facilities). Specifically, in the 60-day notice, CISA stated:

    The current information collection estimated that each year 211 
respondents would respond to this instrument. For this ICR, CISA 
estimates that the annual number of respondents will be 845, because 
CISA only requests this information from covered chemical facilities 
that undergo compliance inspections and ship chemicals of interest 
(COI). CISA completes approximately 1,920 compliance inspections per 
year. Of these, approximately 44 percent of the covered chemical 
facilities inspected ship COI. Therefore, CISA estimates 845 
respondents for this instrument [= 1,920 facilities inspected x 44 
percent of facilities ship COI].\10\

    \10\ This quote is from the 60-day Federal Register Notice at 84 
FR 2563 (Feb. 7, 2019).

    The commenter concluded that CISA, based on the description 
provided in the 60-day notice about how the number of respondents was 
derived, could be seeking to revise the instrument and remove the 
second section (i.e., Assets at Risk).
    Response: CISA is not seeking to remove the Assets at Risk portion 
of the instrument. As a result of the commenter's questions CISA 
realized that it had omitted accounting for the burden associated with 
the second section (i.e., Assets at Risk) within the instrument. 
Therefore, CISA has revised

[[Page 19931]]

its estimates for this instrument in Part 2 (Analysis) of this notice.
    Comment: The commenter requested information on how many facilities 
provided responses to the first section (i.e., Identification of 
Facilities) and the second section (i.e., Assets at Risk) of the 
``Identification of Additional Facilities and Assets at Risk'' 
instrument. The commenter also requested the criteria CISA used to 
select which facilities were requested information under the second 
section of the instrument.
    Response: With respect to the first section of the instrument (i.e. 
Identification of Facilities), as discussed in the 60-day notice, CISA 
collects information under the first section of this instrument when 
conducting inspections at facilities that ship and/or receive COI. As 
described in the 60-day notice, CISA completes approximately 1,920 
compliance inspections per year. Of these, approximately 44 percent of 
the covered chemical facilities inspected ship COI. Therefore, CISA 
estimates 845 facilities were asked to identify facilities.
    With respect to the second section of the instrument (i.e., Assets 
at Risk), if a covered chemical facility has identified a cyber-related 
system in their Security Vulnerability Assessment (SVA) or Site 
Security Plan (SSP) information, CISA may request the information 
covered under this instrument during interactions that occur during: 
(1) Compliance Assistance Visits, (2) Authorization Inspections, and 
(3) a Compliance Inspections.\11\ Since October 2016 CISA has performed 
6,453 of these interactions at such facilities and asked questions 
about assets at risk. The results of these interactions and number of 
times CISA asked questions about assets at risk are provided in the 
table below:\12\
---------------------------------------------------------------------------

    \11\ This information is not covered under the SSP because the 
information is not subsequently submitted through the CSAT SSP but 
rather documented by an inspector or other appropriate employee of 
CISA.
    \12\ The data element used to determine whether or not cyber 
questions were explicitly asked as a part of compliance questions 
CISA is whether the data from the SVA and SSP were auto-populated in 
Compliance Inspection reports. This process began during FY2016 and 
thus the estimate of 1066 is an undercount of the total questions 
asked during the FY.

----------------------------------------------------------------------------------------------------------------
                                                   FY2017 (10/2016-09/  FY2018 (10/2017-09/  FY2019 (10/2018-02/
                                                          2017)                2018)                2019)
----------------------------------------------------------------------------------------------------------------
Compliance Assistance Visits.....................                  824                1,444                  388
Authorization Inspections........................                  128                  875                   85
Compliance Inspections...........................            \12\ 1066                 1009                  634
                                                  --------------------------------------------------------------
    Subtotal.....................................                2,018                3,328                1,107
                                                  --------------------------------------------------------------
        Total....................................  ...................  ...................                6,453
----------------------------------------------------------------------------------------------------------------

    Comment: The commenter requested information about how many 
facilities voluntarily provided information to the first section (i.e., 
Identification of Facilities) and the second section (i.e., Assets at 
Risk) of the ``Identification of Additional Facilities and Assets at 
Risk'' instrument.
    Response: With respect to the first section of the instrument (i.e. 
Identification of Facilities), approximately 15 facilities provided 
information that identified other facilities. With respect to the 
second section (i.e., Assets at Risk), every facility provided 
information about their assets at risk.
    Comment: The commenter requested information about whether any data 
provided in the ``Assets at Risk'' section of the instrument had not 
been previously provided in an approved facility's site security plan 
(SSP).
    Response: CISA has found that the information generally collected 
under the section (Assets at Risk) is not information previously 
provided in an approved facility's SSP or ASP. The information 
collected through the second section of the instrument generally 
supplements the information provided by covered chemical facilities in 
their SSP or ASP. Information collected through this instrument is 
recorded in case files created by CISA employees outside of the SSP or 
ASP (e.g., Compliance Inspection Reports).
    Comment: The commenter requested information about the outcomes 
from the information collected under the first section (i.e. 
Identification of Facilities) of this instrument. Specifically: (1) How 
many of the facilities identified by CISA through information collected 
from the first section of this instrument had not previously completed 
a Top Screen submission; (2) Of those previously unidentified 
facilities, how many subsequently submitted Top-Screens; and (3) Of 
those previously unidentified facilities that submitted Top Screens, 
how many were subsequently identified as being at high-risk.
    Response: CISA began routinely requesting information under the 
first section (i.e., Identification of Facilities) of this instrument 
in 2018. Since then CISA approximately 15 facilities responded to the 
request for information, those that did respond provided valuable data. 
CISA received information on 172 facilities that had not previously 
submitted Top-Screens. CISA is currently working with those facilities 
to determine if they are required to submit a Top-Screen. As of 
February 2019, from the 172 facilities CISA has received 27 Top-Screens 
of which 18 were subsequently determined to be high-risk (i.e., 66%). 
CISA believes that voluntarily supplied customer and suppliers lists 
are an excellent source of information to identify chemical facilities 
of interest and covered chemical facilities.
    Comment: The commenter also asked why this instrument was not 
mentioned in the FY 2019 CFATS Outreach Implementation Plan.\13\
---------------------------------------------------------------------------

    \13\ The FY19 CFATS Outreach Implementation Plan is required by 
the Protecting and Securing Chemical Facilities from Terrorist 
Attacks Act of 2014 (the CFATS Act of 2014), Public Law 113-254 (6 
U.S.C. 621 et seq.). The CFATS Act of 2014 directed the Department 
of Homeland Security, among other provisions, to establish an 
outreach implementation plan in coordination with the heads of 
appropriate Federal and State agencies, relevant business 
associations, and public and private stakeholders' labor 
organizations in order to identify chemical facilities of interest 
(CFOI) that may be subject to regulations under CFATS and to make 
available compliance assistance materials and information on CFATS-
related education and training. The FY19 CFATS Outreach 
Implementation Plan may be viewed at (https://www.dhs.gov/publication/cfats-oip).
---------------------------------------------------------------------------

    Response: CISA did not include this process, by which CISA could 
potentially identify facilities, because of the low response rate. CISA 
will consider including it in the next outreach plan.

[[Page 19932]]

2. Analysis

    CISA continues to rely on the analysis and resulting burden 
estimates provided in the 60-day notice for the: (1) Top-Screen, (2) 
Security Vulnerability Assessment (SVA) and Alternative Security Plan 
(ASP) submitted in lieu of an SVA, (3) SSP and ASP submitted in lieu of 
an SSP, (4) CFATS Help Desk, and (5) CSAT User Registration. CISA has 
revised its analysis and resulting burden estimates for the instrument, 
``Identification of Facilities and Assets at Risk.'' CISA's analysis is 
described in the next section.
    CISA would also like to clarify the scope and purpose of one aspect 
of the CSAT User Registration instrument that does not revise its 
burden estimate. Specifically, that CISA uses the Authorizer role in 
CSAT to send official correspondence.

3. CISA'S Methodology in Estimating the Burden for Identification of 
Additional Facilities and Assets at Risk

Number of Respondents

    The current information collection estimated that each year 211 
respondents would respond to this instrument. In the 60-day notice, 
CISA estimated that the annual number of respondents to be 845. As a 
result of public comment CISA has revised its estimate in this notice 
from 845 to 3,426. This revised estimate is based upon the sum of 845 
respondents for the first section of this instrument (see 60-day notice 
for the basis of this estimate) and 2,581 respondents for the second 
section of this instrument. CISA estimated 2,581 respondents for the 
second section by annualizing the number of interactions described 
earlier in this notice since October of 2016 (i.e., 2,581 = [6,453 
respondents over a 2.5 year time span/2.5 years]).

Estimated Time per Respondent

    In the current information collection, the estimated time per 
respondent is 0.17 hours (10 minutes). CISA believes that this estimate 
is reasonable for either the first or the second section of the 
instrument. Therefore, in this ICR, CISA maintains this estimate.

Annual Burden Hours

    The annual burden estimate is 571 hours [ = 3,426 respondents x 1 
response per respondent x 0.17 hours per respondent].

Total Annual Burden Cost

    CISA assumes that SSOs will be responsible for providing this 
information. Therefore, to estimate the total annual burden, CISA 
multiplied the annual burden of 571 hours by the average hourly 
compensation rate of SSOs. The total annual burden for the 
Identification of Additional Facilities and Assets at Risk is $45,505 [ 
= 571 annual burden hours x $79.69 per hour].

Total Burden Cost (Capital/Startup)

    In the current information collection, CISA estimated a one-time 
capital cost would be incurred by 3,000 respondents as a result of the 
CSAT 2.0 implementation. These capital costs were one-time costs for 
respondents and therefore have been removed from this information 
collection.

Total Recordkeeping Burden

    There is no recordkeeping burden for this instrument.

Public Participation

    OMB is particularly interested in comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques, 
or other forms of information technology (e.g., permitting electronic 
submissions of responses).

Analysis

    Title of Collection: Chemical Security Assessment Tool.
    OMB Control Number: 1670-0007.
    Instrument: Top-Screen.
    Frequency: ``On occasion'' and ``Other''.
    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 2,332 respondents (estimate).
    Estimated Time per Respondent: 1.09 hours.
    Total Annual Burden Hours: 2,553 hours.
    Total Annual Burden Cost: $203,450.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0

    Instrument: Security Vulnerability Assessment and Alternative 
Security Program submitted in lieu of a Security Vulnerability 
Assessment.
    Frequency: ``On occasion'' and ``Other.''
    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 1,683 respondents (estimate).
    Estimated Time per Respondent: 1.24 hours.
    Total Annual Burden Hours: 2,083 hours.
    Total Annual Burden Cost: $166,028.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.

    Instrument: Site Security Plan and Alternative Security Program 
submitted in lieu of a Site Security Plan.
    Frequency: ``On occasion'' and ``Other.''
    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 1,683 respondents (estimate).
    Estimated Time per Respondent: 2.72 hours.
    Total Annual Burden Hours: 4,582 hours.
    Total Annual Burden Cost: $365,141.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $516,825.

    Instrument: CFATS Help Desk.
    Frequency: ``On occasion'' and ``Other.''
    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 15,000 respondents (estimate).
    Estimated Time per Respondent: 0.17 hours.
    Total Annual Burden Hours: 2,500 hours.
    Total Annual Burden Cost: $199,233.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.

    Instrument: User Registration.
    Frequency: ``On occasion'' and ``Other''
    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 1,000 respondents (estimate).
    Estimated Time per Respondent: 2.5 hours.
    Total Annual Burden Hours: 2,500 hours.
    Total Annual Burden Cost: $199,233.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.

    Instrument: Identification of Facilities and Assets at Risk.
    Frequency: ``On occasion'' and ``Other.''

[[Page 19933]]

    Affected Public: Business or other for-profit.
    Annual Number of Respondents: 3,426 respondents (estimate).
    Estimated Time per Respondent: 0.17 hours.
    Total Annual Burden Hours: 571 hours.
    Total Annual Burden Cost: $45,505.
    Total Annual Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.

Scott Libby,
Deputy Chief Information Officer.
[FR Doc. 2019-09319 Filed 5-6-19; 8:45 am]
 BILLING CODE 9110-9P-P


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.