Cybersecurity and Infrastructure Security Agency Vulnerability Assessments, 32930-32931 [2019-14698]
Download as PDF
<![CDATA[
32930
Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices
jspears on DSK30JT082PROD with NOTICES
552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
as amended. The grant applications and
the discussions could disclose
confidential trade secrets or commercial
property such as patentable material,
and personal information concerning
individuals associated with the grant
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Heart, Lung,
and Blood Institute Special Emphasis Panel;
R13 Conference Grant Review.
Date: July 30, 2019.
Time: 10:00 a.m. to 1:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 6701
Rockledge Drive, Bethesda, MD 20892
(Virtual Meeting).
Contact Person: Keith A. Mintzer, Ph.D.,
Scientific Review Officer, Office of Scientific
Review, National Heart, Lung, and Blood
Institute, National Institutes of Health, 6701
Rockledge Drive, Room 7186, Bethesda, MD
20892, 301–594–7947, mintzerk@
nhlbi.nih.gov.
Name of Committee: National Heart, Lung,
and Blood Institute Special Emphasis Panel;
NHLBI Outstanding Investigator Award
(OIA).
Date: August 5–6, 2019.
Time: August 05, 2019, 1:00 p.m. to 7:00
p.m.
Agenda: To review and evaluate grant
applications.
Place: The William F. Bolger Center, 9600
Newbridge Drive, Potomac, MD 20854.
Time: August 06, 2019, 8:00 a.m. to 5:00
p.m.
Agenda: To review and evaluate grant
applications.
Place: The William F. Bolger Center, 9600
Newbridge Drive, Potomac, MD 20854.
Time: 1:00 p.m. to 5:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: The William F. Bolger Center, 9600
Newbridge Drive, Potomac, MD 20854.
Contact Person: Melissa E. Nagelin, Ph.D.,
Scientific Review Officer, Office of Scientific
Review, National Heart, Lung, and Blood
Institute, National Institutes of Health, 6701
Rockledge Drive, Room 7202, Bethesda, MD
20892, 301–435–0297, nagelinmh2@
nhlbi.nih.gov.
Name of Committee: National Heart, Lung,
and Blood Institute Special Emphasis Panel;
Stimulating Access to Research in Residency
(StARR).
Date: August 21, 2019.
Time: 8:30 a.m. to 5:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: Residence Inn Bethesda, 7335
Wisconsin Avenue, Bethesda, MD 20814.
Contact Person: Kristen Page, Ph.D.,
Scientific Review Officer, Office of Scientific
Review, National Heart, Lung, and Blood
Institute, National Institutes of Health, 6701
Rockledge Drive, Room 7185, Bethesda, MD
20892, 301–827–7953, kristen.page@nih.gov.
Name of Committee: National Heart, Lung,
and Blood Institute Special Emphasis Panel;
VerDate Sep<11>2014
18:32 Jul 09, 2019
Jkt 247001
Continuation of Existing Grant Based
Epidemiology Cohort Studies in Heart, Lung,
Blood, and Sleep Diseases and Disorders.
Date: August 22, 2019.
Time: 2:00 p.m. to 4:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 6701
Rockledge Drive, Room 7180, Bethesda, MD
20892 (Telephone Conference Call).
Contact Person: Tony L. Creazzo, Ph.D.,
Scientific Review Officer, Office of Scientific
Review, National Heart, Lung, and Blood
Institute, National Institutes of Health, 6701
Rockledge Drive, Room 7180, Bethesda, MD
20892, 301–827–7913, creazzotl@
mail.nih.gov.
(Catalogue of Federal Domestic Assistance
Program Nos. 93.233, National Center for
Sleep Disorders Research; 93.837, Heart and
Vascular Diseases Research; 93.838, Lung
Diseases Research; 93.839, Blood Diseases
and Resources Research, National Institutes
of Health, HHS)
Dated: July 3, 2019.
Ronald J. Livingston, Jr.,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2019–14647 Filed 7–9–19; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. CISA–2019–0007]
Cybersecurity and Infrastructure
Security Agency Vulnerability
Assessments
Infrastructure Security Division
(ISD), Cybersecurity and Infrastructure
Security Agency (CISA), Department of
Homeland Security (DHS).
ACTION: 60-Day notice and request for
comments; Revision, 1670–0035.
AGENCY:
DHS CISA ISD will submit
the following information collection
request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995.
DATES: Comments are due by September
9, 2019.
ADDRESSES: You may submit comments,
identified by docket number CISA–
2019–0007, by one of the following
methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Please follow the
instructions for submitting comments.
• Email: IPGatewayHelpDesk@
hq.dhs.gov. Please include docket
number CISA–2019–0007 in the subject
line of the message.
• Mail: Written comments and
questions about this Information
Collection Request should be forwarded
SUMMARY:
PO 00000
Frm 00072
Fmt 4703
Sfmt 4703
to DHS/CISA/ISD, ATTN: 1670–0035,
245 Murray Lane SW, Mail Stop 0602,
Washington, DC 20598–0602.
Instructions: All submissions received
must include the words ‘‘Department of
Homeland Security’’ and the docket
number for this action. Comments
received will be posted without
alteration at https://www.regulations.gov,
including any personal information
provided.
Docket: For access to the docket and
comments received, please go to
www.regulations.gov and enter docket
number CISA–2019–0007.
Comments submitted in response to
this notice may be made available to the
public through relevant websites. For
this reason, please do not include in
your comments information of a
confidential nature, such as sensitive
personal information or proprietary
information. If you send an email
comment, your email address will be
automatically captured and included as
part of the comment that is placed in the
public docket and made available on the
internet. Please note that responses to
this public comment request containing
any routine notice about the
confidentiality of the communication
will be treated as public comments that
may be made available to the public
notwithstanding the inclusion of the
routine notice.
FOR FURTHER INFORMATION CONTACT:
Ricky Morgan, 866–844–8163,
IPGatewayHelpDesk@hq.dhs.gov.
SUPPLEMENTARY INFORMATION: The
Homeland Security Presidential
Directive-7, the Presidential Policy
Directive-21, and the National
Infrastructure Protection Plan highlight
the need for a centrally managed
repository of infrastructure attributes
capable of assessing risks and
facilitating data sharing. To support this
mission need, the DHS CISA ISD has
developed a data collection system that
contains several capabilities which
support the homeland security mission
in the area of critical infrastructure (CI)
protection.
Protective Security Advisors (PSAs)
and Cyber Security Advisors (CSAs)
conduct voluntary assessments on CI
facilities. These assessments are webbased and are used to collect an
organization’s basic, high-level
information, and its dependencies. This
data is then used to determine a
Protective Measures Index (PMI) and a
Resilience Measures Index (RMI) for the
assessed organization. This information
allows an organization to see how it
compares to other organizations within
the same sector as well as allows them
to see how adjusting certain aspects
E:\FR\FM\10JYN1.SGM
10JYN1
jspears on DSK30JT082PROD with NOTICES
Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices
would change their score. This allows
the organization to then determine
where best to allocate funding and
perform other high level decision
making processes pertaining to the
security and resiliency of the
organization.
The information will be gathered by
site visits, arranged between the
organization owners and DHS PSAs or
CSAs. The PSA or CSA will then visit
the site and perform the assessment, as
requested. They then return to complete
the vulnerability assessment and input
the data into the system where the data
is then accessible to system users. Once
available, the organization and other
relevant system users can then review
the data and use it for planning, risk
identification, mitigation and decision
making. All data is captured
electronically by the PSA, CSA or by the
organization as a self-assessment. The
vulnerability assessments are voluntary
but are required in order for the
organization to receive an evaluation of
their security posture.
After assessments are input into the
system, the user is prompted to
participate in a feedback questionnaire.
Every user is prompted to participate in
the Post Assessment questionnaire after
entering an assessment. Participation in
the Post Assessment questionnaire is
voluntary. The Post Assessment
Questionnaires are designed to capture
feedback about a vulnerability
assessment and the system. There are
three different questionnaires correlated
and prompted after entering a particular
assessment into the database. The
results are used internally within DHS
to make programmatic improvements.
The collection of information uses
automated electronic vulnerability
assessments and questionnaires. The
vulnerability assessments and
questionnaires are electronic in nature
and include questions that measure the
security, resiliency and dependencies of
an organization. The vulnerability
assessments are arranged at the request
of an organization and are then
scheduled and performed by a PSA or
CSA.
The changes to the collection since
the previous OMB approval include:
Updating the title of the collection,
adding three customer feedback
questionnaires, increase in burden
estimates and costs. The three
questionnaires were added to the
collection to provide user feedback on
the content and functionality of the
system. The addition of the
questionnaires have increased the
burden estimates by $3,861.
The annual burden cost for the
collection has increased by $121,591,
VerDate Sep<11>2014
18:32 Jul 09, 2019
Jkt 247001
from $1,786,166 to $1,907,757, due to
the addition of the Post Assessment
Questionnaires and updated wage rates.
The annual government cost for the
collection has increased by $509,195,
from $1,710,959 to $2,220,152, due to
the addition of the Post Assessment
Questionnaires and updated wage rates.
This is a revision and renewal of an
information collection.
OMB is particularly interested in
comments that:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
whether the information will have
practical utility;
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques or
other forms of information technology,
e.g., permitting electronic submissions
of responses.
Title of Collection: Cybersecurity and
Infrastructure Security Agency
Vulnerability Assessments.
OMB Control Number: 1670–0035.
Frequency: Annually.
Affected Public: State, Local, Tribal,
and Territorial Governments and Private
Sector Individuals.
Number of Annualized Respondents:
3,181.
Estimated Time per Respondent: 7.5
hours, 0.17 hours.
Total Annualized Burden Hours:
21,907 hours.
Total Annualized Respondent
Opportunity Cost: $1,907,757.
Total Annualized Respondent Out-ofPocket Cost: $0.
Total Annualized Government Cost:
$2,220,152.
Scott Libby,
Deputy Chief Information Officer.
[FR Doc. 2019–14698 Filed 7–9–19; 8:45 am]
BILLING CODE 9910–9P–P
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. CISA–2019–0008]
IP Gateway User Registration
Infrastructure Security Division
(ISD), Cybersecurity and Infrastructure
AGENCY:
PO 00000
Frm 00073
Fmt 4703
Sfmt 4703
32931
Security Agency (CISA), Department of
Homeland Security (DHS).
ACTION: 60-Day notice and request for
comments; revision, 1670–0009.
DHS CISA ISD will submit
the following information collection
request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995.
DATES: Comments are due by September
9, 2019.
ADDRESSES: You may submit comments,
identified by docket number CISA–
2019–0008, by one of the following
methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Please follow the
instructions for submitting comments.
• Email: IPGatewayHelpDesk@
hq.dhs.gov. Please include docket
number CISA–2019–0008 in the subject
line of the message.
• Mail: Written comments and
questions about this Information
Collection Request should be forwarded
to DHS/CISA/ISD, ATTN: 1670–0009,
245 Murray Lane SW, Mail Stop 0602,
Washington, DC 20598–0602.
Instructions: All submissions received
must include the words ‘‘Department of
Homeland Security’’ and the docket
number for this action. Comments
received will be posted without
alteration at https://www.regulations.gov,
including any personal information
provided.
Docket: For access to the docket and
comments received, please go to
www.regulations.gov and enter docket
number CISA–2019–0008.
Comments submitted in response to
this notice may be made available to the
public through relevant websites. For
this reason, please do not include in
your comments information of a
confidential nature, such as sensitive
personal information or proprietary
information. If you send an email
comment, your email address will be
automatically captured and included as
part of the comment that is placed in the
public docket and made available on the
internet. Please note that responses to
this public comment request containing
any routine notice about the
confidentiality of the communication
will be treated as public comments that
may be made available to the public
notwithstanding the inclusion of the
routine notice.
FOR FURTHER INFORMATION CONTACT:
Ricky Morgan, 866–844–8163,
IPGatewayHelpDesk@hq.dhs.gov.
SUPPLEMENTARY INFORMATION: The
Homeland Security Presidential
SUMMARY:
E:\FR\FM\10JYN1.SGM
10JYN1
]]>Agencies
[Federal Register Volume 84, Number 132 (Wednesday, July 10, 2019)]
[Notices]
[Pages 32930-32931]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-14698]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. CISA-2019-0007]
Cybersecurity and Infrastructure Security Agency Vulnerability
Assessments
AGENCY: Infrastructure Security Division (ISD), Cybersecurity and
Infrastructure Security Agency (CISA), Department of Homeland Security
(DHS).
ACTION: 60-Day notice and request for comments; Revision, 1670-0035.
-----------------------------------------------------------------------
SUMMARY: DHS CISA ISD will submit the following information collection
request (ICR) to the Office of Management and Budget (OMB) for review
and clearance in accordance with the Paperwork Reduction Act of 1995.
DATES: Comments are due by September 9, 2019.
ADDRESSES: You may submit comments, identified by docket number CISA-
2019-0007, by one of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Please follow the instructions for submitting comments.
Email: [email protected]. Please include docket
number CISA-2019-0007 in the subject line of the message.
Mail: Written comments and questions about this
Information Collection Request should be forwarded to DHS/CISA/ISD,
ATTN: 1670-0035, 245 Murray Lane SW, Mail Stop 0602, Washington, DC
20598-0602.
Instructions: All submissions received must include the words
``Department of Homeland Security'' and the docket number for this
action. Comments received will be posted without alteration at https://www.regulations.gov, including any personal information provided.
Docket: For access to the docket and comments received, please go
to www.regulations.gov and enter docket number CISA-2019-0007.
Comments submitted in response to this notice may be made available
to the public through relevant websites. For this reason, please do not
include in your comments information of a confidential nature, such as
sensitive personal information or proprietary information. If you send
an email comment, your email address will be automatically captured and
included as part of the comment that is placed in the public docket and
made available on the internet. Please note that responses to this
public comment request containing any routine notice about the
confidentiality of the communication will be treated as public comments
that may be made available to the public notwithstanding the inclusion
of the routine notice.
FOR FURTHER INFORMATION CONTACT: Ricky Morgan, 866-844-8163,
[email protected].
SUPPLEMENTARY INFORMATION: The Homeland Security Presidential
Directive-7, the Presidential Policy Directive-21, and the National
Infrastructure Protection Plan highlight the need for a centrally
managed repository of infrastructure attributes capable of assessing
risks and facilitating data sharing. To support this mission need, the
DHS CISA ISD has developed a data collection system that contains
several capabilities which support the homeland security mission in the
area of critical infrastructure (CI) protection.
Protective Security Advisors (PSAs) and Cyber Security Advisors
(CSAs) conduct voluntary assessments on CI facilities. These
assessments are web-based and are used to collect an organization's
basic, high-level information, and its dependencies. This data is then
used to determine a Protective Measures Index (PMI) and a Resilience
Measures Index (RMI) for the assessed organization. This information
allows an organization to see how it compares to other organizations
within the same sector as well as allows them to see how adjusting
certain aspects
[[Page 32931]]
would change their score. This allows the organization to then
determine where best to allocate funding and perform other high level
decision making processes pertaining to the security and resiliency of
the organization.
The information will be gathered by site visits, arranged between
the organization owners and DHS PSAs or CSAs. The PSA or CSA will then
visit the site and perform the assessment, as requested. They then
return to complete the vulnerability assessment and input the data into
the system where the data is then accessible to system users. Once
available, the organization and other relevant system users can then
review the data and use it for planning, risk identification,
mitigation and decision making. All data is captured electronically by
the PSA, CSA or by the organization as a self-assessment. The
vulnerability assessments are voluntary but are required in order for
the organization to receive an evaluation of their security posture.
After assessments are input into the system, the user is prompted
to participate in a feedback questionnaire. Every user is prompted to
participate in the Post Assessment questionnaire after entering an
assessment. Participation in the Post Assessment questionnaire is
voluntary. The Post Assessment Questionnaires are designed to capture
feedback about a vulnerability assessment and the system. There are
three different questionnaires correlated and prompted after entering a
particular assessment into the database. The results are used
internally within DHS to make programmatic improvements.
The collection of information uses automated electronic
vulnerability assessments and questionnaires. The vulnerability
assessments and questionnaires are electronic in nature and include
questions that measure the security, resiliency and dependencies of an
organization. The vulnerability assessments are arranged at the request
of an organization and are then scheduled and performed by a PSA or
CSA.
The changes to the collection since the previous OMB approval
include: Updating the title of the collection, adding three customer
feedback questionnaires, increase in burden estimates and costs. The
three questionnaires were added to the collection to provide user
feedback on the content and functionality of the system. The addition
of the questionnaires have increased the burden estimates by $3,861.
The annual burden cost for the collection has increased by
$121,591, from $1,786,166 to $1,907,757, due to the addition of the
Post Assessment Questionnaires and updated wage rates.
The annual government cost for the collection has increased by
$509,195, from $1,710,959 to $2,220,152, due to the addition of the
Post Assessment Questionnaires and updated wage rates.
This is a revision and renewal of an information collection.
OMB is particularly interested in comments that:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
Title of Collection: Cybersecurity and Infrastructure Security
Agency Vulnerability Assessments.
OMB Control Number: 1670-0035.
Frequency: Annually.
Affected Public: State, Local, Tribal, and Territorial Governments
and Private Sector Individuals.
Number of Annualized Respondents: 3,181.
Estimated Time per Respondent: 7.5 hours, 0.17 hours.
Total Annualized Burden Hours: 21,907 hours.
Total Annualized Respondent Opportunity Cost: $1,907,757.
Total Annualized Respondent Out-of-Pocket Cost: $0.
Total Annualized Government Cost: $2,220,152.
Scott Libby,
Deputy Chief Information Officer.
[FR Doc. 2019-14698 Filed 7-9-19; 8:45 am]
BILLING CODE 9910-9P-P
