Agency Information Collection Activities: Vulnerability Discovery Program, 45166-45167 [2019-18576]

Download as PDF 45166 Federal Register / Vol. 84, No. 167 / Wednesday, August 28, 2019 / Notices Location and case No. State and county Tarrant (FEMA Docket No.: B– 1931). Tarrant (FEMA Docket No.: B– 1931). Williamson (FEMA Docket No.: B–1931). Wyoming: Laramie (FEMA Docket No.: B–1924). City of Arlington (18–06–3453P). Unincorporated areas of Tarrant County (19–06– 0403P). City of Cedar Park (18–06–3176P). Unincorporated areas of Laramie County (18–08– 1199P). Chief executive officer of community Community map repository Date of modification The Honorable Jeff Williams, Mayor, City of Arlington, P.O. Box 90231, Arlington, TX 76004. The Honorable B. Glen Whitley, Tarrant County Judge, 100 East Weatherford Street, Fort Worth, TX 76196. The Honorable Corbin Van Arsdale, Mayor, City of Cedar Park, 450 Cypress Creek Road, Building 1, Cedar Park, TX 78613. The Honorable Linda Heath, Chair, Laramie County Board of Commissioners, 310 West 19th Street, Suite 300, Cheyenne, WY 82001. City Hall, 101 West Abram Street, Arlington, TX 76010. Aug. 5, 2019 ................... 485454 Tarrant County Administration Building, 100 East Weatherford Street, Fort Worth, TX 76196. Jul. 26, 2019 ................... 480582 Engineering Department, 450 Cypress Creek Road, Building 1, Cedar Park, TX 78613. Jul. 30, 2019 ................... 481282 Laramie County Planning and Development Department, 3966 Archer Parkway, Cheyenne, WY 82009. Jul. 29, 2019 ................... 560029 [FR Doc. 2019–18551 Filed 8–27–19; 8:45 am] BILLING CODE 9110–12–P DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS–2019–0041] Agency Information Collection Activities: Vulnerability Discovery Program Officer of the Chief Information Security Officer, DHS. ACTION: 60-Day notice and request for comments; new collection, 1601–NEW. AGENCY: The Department of Homeland Security, Office of the Chief Information Security Officer, will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. SUMMARY: Comments are encouraged and will be accepted until October 28, 2019. This process is conducted in accordance with 5 CFR 1320.1. ADDRESSES: You may submit comments identified by docket number DHS– 2019–0041 http://www.regulations.gov. Please follow the instructions for submitting comments. SUPPLEMENTARY INFORMATION: Security vulnerabilities, defined in section 102(17) of the Cybersecurity Information Sharing Act of 2015, are any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control. Security vulnerability mitigation is a process starting with discovery of the vulnerability leading to applying some solution to resolve the vulnerability. There is constantly a search for security vulnerabilities within information systems, from individuals or nation states wishing to bypass security controls to gain invaluable information, jbell on DSK3GLQ082PROD with NOTICES DATES: VerDate Sep<11>2014 20:14 Aug 27, 2019 Jkt 247001 to researchers seeking knowledge in the field of cyber security. Bypassing such security controls in the DHS information systems can cause catastrophic damage including but not limited to loss in Personally Identifiable Information (PII), sensitive information gathering, and data manipulation. Pursuant to section 101 of the Strengthening and Enhancing Cybercapabilities by Utilizing Risk Exposure Technology Act commonly known as the SECURE Technologies Act individuals, organizations, and companies will be able to submit discovered security vulnerabilities on the Department of Homeland Security (DHS) Information Systems. This collection would be used by these individuals, organizations, and companies who choose to submit a discovered vulnerability in the information system of the DHS. The form will include the following essential information: • Vulnerable host(s) • Necessary information for reproducing the security vulnerability • Remediation or suggestions for remediation of the vulnerability • Potential impact on host, if not remediated This form will allow the DHS to do two things (1) allow the individuals, organizations, and companies who discover vulnerabilities in the information systems of DHS to report their findings to the DHS. (2) give DHS first insight into newly discovered vulnerabilities, as well as zero-day vulnerabilities in order to mitigate the security issues prior to malicious actors acting on the vulnerability for malicious intent. The form will benefit researchers as it will provide a safe and lawful way for them to practice and discover new skills while discovering the vulnerabilities. Meanwhile, it will provide the same benefit to the DHS, in addition to enhanced information PO 00000 Frm 00047 Fmt 4703 Sfmt 4703 Community No. system security following the vulnerability mitigation. Respondents will be able to fill the form out online at https://www.dhs.gov and submit it thereafter. Links to the form will also be available at any of the DHS components websites (https:// www.tsa.gov/, https://www.ice.gov/, etc.). The collection of this information regarding to discovered security vulnerabilities by individuals, organizations, and companies is needed to fulfil the congressional mandate in Section 101 of the SECURE Technologies Act regarding a Vulnerability Disclosure Policy. In addition, without the ability to collect information on newly discovered security vulnerabilities in DHS information systems, the DHS will rely solely on the internal security personnel and or discovery through post occurrence of such a breach on security controls. The is new collection. The Office of Management and Budget is particularly interested in comments which: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; 3. Enhance the quality, utility, and clarity of the information to be collected; and 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses. E:\FR\FM\28AUN1.SGM 28AUN1 Federal Register / Vol. 84, No. 167 / Wednesday, August 28, 2019 / Notices Analysis Agency: The Department of Homeland Security, Officer of the Chief Information Security Officer. Title: Vulnerability Discovery Program. OMB Number: 1601–New. Frequency: On Occasion. Affected Public: Private Sector. Number of Respondents: 3000. Estimated Time Per Respondent: 3 Hours. Total Burden Hours: 9000. Dated: August 15, 2019. Melissa Bruce, Executive Director, Business Management Office. to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so. Nominations submitted by State Historic Preservation Officers: CALIFORNIA Riverside County Wexler House, 1272 E Verbena Dr., Palm Springs, SG100004404 Smith, Maurice, and Dinah Shore House, 432 Hermosa Place, Palm Springs, SG100004405 San Francisco County Swedish American Hall, 2168–2174 Market St., San Francisco, SG100004413 [FR Doc. 2019–18576 Filed 8–27–19; 8:45 am] IOWA BILLING CODE 9110–9B–P Black Hawk County Walnut Street Historic District, Franklin St., E 4th St., Argyle St., and E 2nd St., Waterloo, SG100004414 DEPARTMENT OF THE INTERIOR National Park Service NEW HAMPSHIRE [NPS–WASO–NRNHL–DTS#–28697; PPWOCRADI0, PCU00RP14.R50000] Carroll County New England Masonic Charitable Institute, 30 Town House Rd., Effingham, SG100004415 National Register of Historic Places; Notification of Pending Nominations and Related Actions Hillsborough County National Park Service, Interior. ACTION: Notice. AGENCY: The National Park Service is soliciting comments on the significance of properties nominated before August 10, 2019, for listing or related actions in the National Register of Historic Places. DATES: Comments should be submitted by September 12, 2019. ADDRESSES: Comments may be sent via U.S. Postal Service and all other carriers to the National Register of Historic Places, National Park Service, 1849 C St. NW, MS 7228, Washington, DC 20240. SUPPLEMENTARY INFORMATION: The properties listed in this notice are being considered for listing or related actions in the National Register of Historic Places. Nominations for their consideration were received by the National Park Service before August 10, 2019. Pursuant to Section 60.13 of 36 CFR part 60, written comments are being accepted concerning the significance of the nominated properties under the National Register criteria for evaluation. Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment—including your personal identifying information—may be made publicly available at any time. While you can ask us in your comment jbell on DSK3GLQ082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 20:14 Aug 27, 2019 Jkt 247001 Sainte Marie Roman Catholic Church Parish Historic District, 378 Notre Dame Ave., 133 Wayne St., 279 & 284 Cartier St., Manchester, SG100004416 45167 Charleston County Mosquito Beach Historic District, Mosquito Beach Rd., Charleston vicinity, SG100004409 UTAH Emery County Castle Dale Bridge, Approx. 200 S Center St., Castle Dale vicinity, SG100004394 Salt Lake County Steiner American Building, 505 E South Temple, Salt Lake City, SG100004393 Weber County Weber County Main Library, 2464 Jefferson Ave., Ogden, SG100004395 WISCONSIN Rock County Milwaukee and Emerson Residential Historic District, Bounded by Oakwood Ave., Sherwood Ave., Bushnell St., and Central Ave., Beloit, SG100004387 In the interest of preservation, a SHORTENED comment period has been requested for the following resource: GEORGIA Fulton County Atlanta-Fulton Central Library, 1 Margaret Mitchell Square/126 Carnegie Way NW, Atlanta, SG100004411, Comment period: 3 days A request for removal has been made for the following resources: NEW YORK IOWA Monroe County Bremer County Green Mill Ford Bridge, (Highway Bridges of Iowa MPS), County road over Cedar R., Janesville vicinity, OT98000760 Powers Building and Powers Hotel (Boundary Increase), 16–42 W Main St., 20–56 Fitzhugh St., Rochester, BC100004417 Sullivan County Hasbrouck Stone House, 282 Hasbrouck Rd., Woodbourne, SG100004419 OHIO Cuyahoga County Warner & Swasey Company Building, 5701 Carnegie Ave., Cleveland, SG100004410 OKLAHOMA McClain County Harris Palace Store, 214 E Ripley St., Byars, SG100004399 Oklahoma County Oklahoma City Schools Administration Building, 400 N Walnut Ave., Oklahoma City, SG100004400 Trinity United Presbyterian Church, 2301 NE 23rd St., Oklahoma City, SG100004401 SOUTH CAROLINA Anderson County Ginn, Robert J. and Lula, House, 106 Webb St., Anderson, SG100004408 PO 00000 Frm 00048 Fmt 4703 Sfmt 4703 Howard County South Ward School, 500 S Elm St., Cresco, OT82000408 Humboldt County Des Moines River Bridge, (Highway Bridges of Iowa MPS), IA 3 over West Fork of Des Moines R., Humboldt vicinity, OT98000522 Warren County Warren County Court House, (PWA-Era County Courthouses of IA MPS), 115 N Howard Ave., Indianola, OT03000818 Wright County Goldfield Bridge, (Highway Bridges of Iowa MPS), Oak St. over Boone R., Goldfield, OT98000456 Additional documentation has been received for the following resources: ALABAMA Baldwin County Foley Downtown Historic District, Parts of Alston, N & S McKenzie, AL 98, E & W Laurel, Myrtle, Rose, and W. Orange Foley, AD04001496 E:\FR\FM\28AUN1.SGM 28AUN1

Agencies

[Federal Register Volume 84, Number 167 (Wednesday, August 28, 2019)]
[Notices]
[Pages 45166-45167]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-18576]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2019-0041]


Agency Information Collection Activities: Vulnerability Discovery 
Program

AGENCY: Officer of the Chief Information Security Officer, DHS.

ACTION: 60-Day notice and request for comments; new collection, 1601-
NEW.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security, Office of the Chief 
Information Security Officer, will submit the following Information 
Collection Request (ICR) to the Office of Management and Budget (OMB) 
for review and clearance in accordance with the Paperwork Reduction Act 
of 1995.

DATES: Comments are encouraged and will be accepted until October 28, 
2019. This process is conducted in accordance with 5 CFR 1320.1.

ADDRESSES: You may submit comments identified by docket number DHS-
2019-0041 http://www.regulations.gov. Please follow the instructions 
for submitting comments.

SUPPLEMENTARY INFORMATION: Security vulnerabilities, defined in section 
102(17) of the Cybersecurity Information Sharing Act of 2015, are any 
attribute of hardware, software, process, or procedure that could 
enable or facilitate the defeat of a security control. Security 
vulnerability mitigation is a process starting with discovery of the 
vulnerability leading to applying some solution to resolve the 
vulnerability. There is constantly a search for security 
vulnerabilities within information systems, from individuals or nation 
states wishing to bypass security controls to gain invaluable 
information, to researchers seeking knowledge in the field of cyber 
security. Bypassing such security controls in the DHS information 
systems can cause catastrophic damage including but not limited to loss 
in Personally Identifiable Information (PII), sensitive information 
gathering, and data manipulation.
    Pursuant to section 101 of the Strengthening and Enhancing Cyber-
capabilities by Utilizing Risk Exposure Technology Act commonly known 
as the SECURE Technologies Act individuals, organizations, and 
companies will be able to submit discovered security vulnerabilities on 
the Department of Homeland Security (DHS) Information Systems. This 
collection would be used by these individuals, organizations, and 
companies who choose to submit a discovered vulnerability in the 
information system of the DHS.
    The form will include the following essential information:

 Vulnerable host(s)
 Necessary information for reproducing the security 
vulnerability
 Remediation or suggestions for remediation of the 
vulnerability
 Potential impact on host, if not remediated

    This form will allow the DHS to do two things (1) allow the 
individuals, organizations, and companies who discover vulnerabilities 
in the information systems of DHS to report their findings to the DHS. 
(2) give DHS first insight into newly discovered vulnerabilities, as 
well as zero-day vulnerabilities in order to mitigate the security 
issues prior to malicious actors acting on the vulnerability for 
malicious intent. The form will benefit researchers as it will provide 
a safe and lawful way for them to practice and discover new skills 
while discovering the vulnerabilities. Meanwhile, it will provide the 
same benefit to the DHS, in addition to enhanced information system 
security following the vulnerability mitigation.
    Respondents will be able to fill the form out online at https://www.dhs.gov and submit it thereafter. Links to the form will also be 
available at any of the DHS components websites (https://www.tsa.gov/, 
https://www.ice.gov/, etc.).
    The collection of this information regarding to discovered security 
vulnerabilities by individuals, organizations, and companies is needed 
to fulfil the congressional mandate in Section 101 of the SECURE 
Technologies Act regarding a Vulnerability Disclosure Policy. In 
addition, without the ability to collect information on newly 
discovered security vulnerabilities in DHS information systems, the DHS 
will rely solely on the internal security personnel and or discovery 
through post occurrence of such a breach on security controls.
    The is new collection.
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

[[Page 45167]]

Analysis

    Agency: The Department of Homeland Security, Officer of the Chief 
Information Security Officer.
    Title: Vulnerability Discovery Program.
    OMB Number: 1601-New.
    Frequency: On Occasion.
    Affected Public: Private Sector.
    Number of Respondents: 3000.
    Estimated Time Per Respondent: 3 Hours.
    Total Burden Hours: 9000.

    Dated: August 15, 2019.
Melissa Bruce,
Executive Director, Business Management Office.
[FR Doc. 2019-18576 Filed 8-27-19; 8:45 am]
BILLING CODE 9110-9B-P