Cybersecurity and Infrastructure Security Agency; Availability of Draft Binding Operational Directive 20-01, 69761 [2019-27307]
Download as PDF
<![CDATA[
Federal Register / Vol. 84, No. 244 / Thursday, December 19, 2019 / Notices
areas determined to have been adversely
affected by the event declared a major
disaster by the President in his
declaration of October 21, 2019.
Broward and Volusia Counties for Public
Assistance.
The following Catalog of Federal Domestic
Assistance Numbers (CFDA) are to be used
for reporting and drawing funds: 97.030,
Community Disaster Loans; 97.031, Cora
Brown Fund; 97.032, Crisis Counseling;
97.033, Disaster Legal Services; 97.034,
Disaster Unemployment Assistance (DUA);
97.046, Fire Management Assistance Grant;
97.048, Disaster Housing Assistance to
Individuals and Households In Presidentially
Declared Disaster Areas; 97.049,
Presidentially Declared Disaster Assistance—
Disaster Housing Operations for Individuals
and Households; 97.050 Presidentially
Declared Disaster Assistance to Individuals
and Households—Other Needs; 97.036,
Disaster Grants—Public Assistance
(Presidentially Declared Disasters); 97.039,
Hazard Mitigation Grant.
Pete Gaynor,
Acting Administrator, Federal Emergency
Management Agency.
[FR Doc. 2019–27303 Filed 12–18–19; 8:45 am]
BILLING CODE 9111–23–P
DEPARTMENT OF HOMELAND
SECURITY
Cybersecurity and Infrastructure
Security Agency; Availability of Draft
Binding Operational Directive 20–01
Cybersecurity and
Infrastructure Security Agency, DHS.
AGENCY:
Notice of availability; request
for comments.
ACTION:
Through this notice, CISA is
making available a draft binding
operational directive that will apply to
all Federal, executive branch
departments and agencies relating to
vulnerability disclosure policies. The
draft binding operational directive
proposes requiring agencies to develop
and publish a vulnerability disclosure
policy (VDP) and maintain supporting
handling procedures. This notice also
requests comment on the draft binding
operational directive.
SUMMARY:
Comments are due by December
27, 2019.
DATES:
Overview of Draft BOD 20–01
You may send comments by
any of the following methods:
• Agency Website: For instructions on
how to provide comments, please follow
the instructions provided at https://
cyber.dhs.gov/bod/20-01/.
• Email: BOD.Feedback@
cisa.dhs.gov. Include ‘‘Draft Binding
On November 27, 2019, CISA posted
draft directive 20–01, titled ‘‘Develop
and Publish a Vulnerability Disclosure
Policy,’’ for public feedback at https://
cyber.dhs.gov/bod/20-01. This directive
requires each agency to develop and
publish a vulnerability disclosure policy
(VDP), enable receipt of unsolicited
vulnerability reports, maintain
ADDRESSES:
lotter on DSKBCFDHB2PROD with NOTICES
Operational Directive 20–01’’ in the
subject line of the email.
Instructions: The full text of the draft
Binding Operational Directive 20–01 is
available at https://cyber.dhs.gov./bod/
20-01/. Do not submit comments that
include trade secrets, confidential
commercial or financial information,
Chemical-terrorism Vulnerability
Information (CVI), Protected Critical
Infrastructure Information (PCII), or
Sensitive Security Information (SSI). All
written comments received will be
posted without alteration at https://
github.com/, including any personal
information. Contact information
submitted through email will not be
posted to https://github.com/, except for
any name and affiliation included in the
comment.
SUPPLEMENTARY INFORMATION: The
Department of Homeland Security
(‘‘DHS’’ or ‘‘the Department’’) has the
statutory responsibility, in consultation
with the Office of Management and
Budget, to administer the
implementation of agency information
security policies and practices for
information systems, which includes
assisting agencies and providing certain
government-wide protections. 44 U.S.C.
3553(b). As part of that responsibility,
the Department is authorized to
‘‘develop[ ] and oversee[ ] the
implementation of binding operational
directives to agencies to implement the
policies, principles, standards, and
guidance developed by the Director [of
the Office of Management and Budget]
and [certain] requirements of [the
Federal Information Security
Modernization Act of 2014.]’’ 44 U.S.C.
3553(b)(2). A binding operational
directive (‘‘BOD’’) is ‘‘a compulsory
direction to an agency that (A) is for
purposes of safeguarding Federal
information and information systems
from a known or reasonably suspected
information security threat,
vulnerability, or risk; [and] (B) [is] in
accordance with policies, principles,
standards, and guidelines issued by the
Director[.]’’ 44 U.S.C. 3552(b)(1).
Agencies are required to comply with
these directives. 44 U.S.C.
3554(a)(1)(B)(ii).
VerDate Sep<11>2014
19:13 Dec 18, 2019
Jkt 250001
PO 00000
Frm 00042
Fmt 4703
Sfmt 4703
69761
supporting handling procedures for any
vulnerability reports received, and
report certain metrics to CISA. DHS is
publishing this notice of availability to
provide awareness of the draft binding
operational directive being available
now for review and comment.
Dated: December 13, 2019.
Richard Driggers,
Deputy Assistant Director, Cybersecurity
Division, Cybersecurity and Infrastructure
Security Agency, Department of Homeland
Security.
[FR Doc. 2019–27307 Filed 12–18–19; 8:45 am]
BILLING CODE 9110–9P–P
DEPARTMENT OF HOMELAND
SECURITY
U.S. Immigration and Customs
Enforcement
Revision of a Currently Approved
Collection: Immigration Bond;
Correction
U.S. Immigration and Customs
Enforcement, DHS.
AGENCY:
ACTION:
Notice; correction.
On August 27, 2019 ICE
published in the Federal Register
requests for comments on the revision of
the currently approved I–352
Immigration Bond collection. An
information field did not display
correctly on the published version of the
revised draft bond form.
SUMMARY:
For
specific question related to collection
activities, please contact: Justin Gellert,
202–732–5462, justin.c.gellert@
ice.dhs.gov, Enforcement and Removal
Operations, Bond Management Unit,
ICE.
FOR FURTHER INFORMATION CONTACT:
The revised bond form that was
published by ICE inadvertently hid the
information line for the ‘‘name and
address of the person who executed a
written instrument with the surety
company requesting it to post bond,’’
also known as the indemnitor. This
information about the indemnitor is
requested on the current approved
version of the bond form, and the
information line will be included in the
final version of the revised form.
Dated: December 16, 2019.
Scott Elmore,
ICE PRA Clearance Officer.
[FR Doc. 2019–27404 Filed 12–18–19; 8:45 am]
BILLING CODE 9111–28–P
E:\FR\FM\19DEN1.SGM
19DEN1
]]>Agencies
[Federal Register Volume 84, Number 244 (Thursday, December 19, 2019)]
[Notices]
[Page 69761]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-27307]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Cybersecurity and Infrastructure Security Agency; Availability of
Draft Binding Operational Directive 20-01
AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.
ACTION: Notice of availability; request for comments.
-----------------------------------------------------------------------
SUMMARY: Through this notice, CISA is making available a draft binding
operational directive that will apply to all Federal, executive branch
departments and agencies relating to vulnerability disclosure policies.
The draft binding operational directive proposes requiring agencies to
develop and publish a vulnerability disclosure policy (VDP) and
maintain supporting handling procedures. This notice also requests
comment on the draft binding operational directive.
DATES: Comments are due by December 27, 2019.
ADDRESSES: You may send comments by any of the following methods:
Agency Website: For instructions on how to provide
comments, please follow the instructions provided at https://cyber.dhs.gov/bod/20-01/.
Email: [email protected]. Include ``Draft Binding
Operational Directive 20-01'' in the subject line of the email.
Instructions: The full text of the draft Binding Operational
Directive 20-01 is available at https://cyber.dhs.gov./bod/20-01/. Do
not submit comments that include trade secrets, confidential commercial
or financial information, Chemical-terrorism Vulnerability Information
(CVI), Protected Critical Infrastructure Information (PCII), or
Sensitive Security Information (SSI). All written comments received
will be posted without alteration at https://github.com/, including any
personal information. Contact information submitted through email will
not be posted to https://github.com/, except for any name and
affiliation included in the comment.
SUPPLEMENTARY INFORMATION: The Department of Homeland Security (``DHS''
or ``the Department'') has the statutory responsibility, in
consultation with the Office of Management and Budget, to administer
the implementation of agency information security policies and
practices for information systems, which includes assisting agencies
and providing certain government-wide protections. 44 U.S.C. 3553(b).
As part of that responsibility, the Department is authorized to
``develop[ ] and oversee[ ] the implementation of binding operational
directives to agencies to implement the policies, principles,
standards, and guidance developed by the Director [of the Office of
Management and Budget] and [certain] requirements of [the Federal
Information Security Modernization Act of 2014.]'' 44 U.S.C.
3553(b)(2). A binding operational directive (``BOD'') is ``a compulsory
direction to an agency that (A) is for purposes of safeguarding Federal
information and information systems from a known or reasonably
suspected information security threat, vulnerability, or risk; [and]
(B) [is] in accordance with policies, principles, standards, and
guidelines issued by the Director[.]'' 44 U.S.C. 3552(b)(1). Agencies
are required to comply with these directives. 44 U.S.C.
3554(a)(1)(B)(ii).
Overview of Draft BOD 20-01
On November 27, 2019, CISA posted draft directive 20-01, titled
``Develop and Publish a Vulnerability Disclosure Policy,'' for public
feedback at https://cyber.dhs.gov/bod/20-01. This directive requires
each agency to develop and publish a vulnerability disclosure policy
(VDP), enable receipt of unsolicited vulnerability reports, maintain
supporting handling procedures for any vulnerability reports received,
and report certain metrics to CISA. DHS is publishing this notice of
availability to provide awareness of the draft binding operational
directive being available now for review and comment.
Dated: December 13, 2019.
Richard Driggers,
Deputy Assistant Director, Cybersecurity Division, Cybersecurity and
Infrastructure Security Agency, Department of Homeland Security.
[FR Doc. 2019-27307 Filed 12-18-19; 8:45 am]
BILLING CODE 9110-9P-P
