Cybersecurity and Infrastructure Security Agency; Availability of Draft Binding Operational Directive 20-01, 69761 [2019-27307]

Download as PDF Federal Register / Vol. 84, No. 244 / Thursday, December 19, 2019 / Notices areas determined to have been adversely affected by the event declared a major disaster by the President in his declaration of October 21, 2019. Broward and Volusia Counties for Public Assistance. The following Catalog of Federal Domestic Assistance Numbers (CFDA) are to be used for reporting and drawing funds: 97.030, Community Disaster Loans; 97.031, Cora Brown Fund; 97.032, Crisis Counseling; 97.033, Disaster Legal Services; 97.034, Disaster Unemployment Assistance (DUA); 97.046, Fire Management Assistance Grant; 97.048, Disaster Housing Assistance to Individuals and Households In Presidentially Declared Disaster Areas; 97.049, Presidentially Declared Disaster Assistance— Disaster Housing Operations for Individuals and Households; 97.050 Presidentially Declared Disaster Assistance to Individuals and Households—Other Needs; 97.036, Disaster Grants—Public Assistance (Presidentially Declared Disasters); 97.039, Hazard Mitigation Grant. Pete Gaynor, Acting Administrator, Federal Emergency Management Agency. [FR Doc. 2019–27303 Filed 12–18–19; 8:45 am] BILLING CODE 9111–23–P DEPARTMENT OF HOMELAND SECURITY Cybersecurity and Infrastructure Security Agency; Availability of Draft Binding Operational Directive 20–01 Cybersecurity and Infrastructure Security Agency, DHS. AGENCY: Notice of availability; request for comments. ACTION: Through this notice, CISA is making available a draft binding operational directive that will apply to all Federal, executive branch departments and agencies relating to vulnerability disclosure policies. The draft binding operational directive proposes requiring agencies to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures. This notice also requests comment on the draft binding operational directive. SUMMARY: Comments are due by December 27, 2019. DATES: Overview of Draft BOD 20–01 You may send comments by any of the following methods: • Agency Website: For instructions on how to provide comments, please follow the instructions provided at https:// cyber.dhs.gov/bod/20-01/. • Email: BOD.Feedback@ cisa.dhs.gov. Include ‘‘Draft Binding On November 27, 2019, CISA posted draft directive 20–01, titled ‘‘Develop and Publish a Vulnerability Disclosure Policy,’’ for public feedback at https:// cyber.dhs.gov/bod/20-01. This directive requires each agency to develop and publish a vulnerability disclosure policy (VDP), enable receipt of unsolicited vulnerability reports, maintain ADDRESSES: lotter on DSKBCFDHB2PROD with NOTICES Operational Directive 20–01’’ in the subject line of the email. Instructions: The full text of the draft Binding Operational Directive 20–01 is available at https://cyber.dhs.gov./bod/ 20-01/. Do not submit comments that include trade secrets, confidential commercial or financial information, Chemical-terrorism Vulnerability Information (CVI), Protected Critical Infrastructure Information (PCII), or Sensitive Security Information (SSI). All written comments received will be posted without alteration at https:// github.com/, including any personal information. Contact information submitted through email will not be posted to https://github.com/, except for any name and affiliation included in the comment. SUPPLEMENTARY INFORMATION: The Department of Homeland Security (‘‘DHS’’ or ‘‘the Department’’) has the statutory responsibility, in consultation with the Office of Management and Budget, to administer the implementation of agency information security policies and practices for information systems, which includes assisting agencies and providing certain government-wide protections. 44 U.S.C. 3553(b). As part of that responsibility, the Department is authorized to ‘‘develop[ ] and oversee[ ] the implementation of binding operational directives to agencies to implement the policies, principles, standards, and guidance developed by the Director [of the Office of Management and Budget] and [certain] requirements of [the Federal Information Security Modernization Act of 2014.]’’ 44 U.S.C. 3553(b)(2). A binding operational directive (‘‘BOD’’) is ‘‘a compulsory direction to an agency that (A) is for purposes of safeguarding Federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk; [and] (B) [is] in accordance with policies, principles, standards, and guidelines issued by the Director[.]’’ 44 U.S.C. 3552(b)(1). Agencies are required to comply with these directives. 44 U.S.C. 3554(a)(1)(B)(ii). VerDate Sep<11>2014 19:13 Dec 18, 2019 Jkt 250001 PO 00000 Frm 00042 Fmt 4703 Sfmt 4703 69761 supporting handling procedures for any vulnerability reports received, and report certain metrics to CISA. DHS is publishing this notice of availability to provide awareness of the draft binding operational directive being available now for review and comment. Dated: December 13, 2019. Richard Driggers, Deputy Assistant Director, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security. [FR Doc. 2019–27307 Filed 12–18–19; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOMELAND SECURITY U.S. Immigration and Customs Enforcement Revision of a Currently Approved Collection: Immigration Bond; Correction U.S. Immigration and Customs Enforcement, DHS. AGENCY: ACTION: Notice; correction. On August 27, 2019 ICE published in the Federal Register requests for comments on the revision of the currently approved I–352 Immigration Bond collection. An information field did not display correctly on the published version of the revised draft bond form. SUMMARY: For specific question related to collection activities, please contact: Justin Gellert, 202–732–5462, justin.c.gellert@ ice.dhs.gov, Enforcement and Removal Operations, Bond Management Unit, ICE. FOR FURTHER INFORMATION CONTACT: The revised bond form that was published by ICE inadvertently hid the information line for the ‘‘name and address of the person who executed a written instrument with the surety company requesting it to post bond,’’ also known as the indemnitor. This information about the indemnitor is requested on the current approved version of the bond form, and the information line will be included in the final version of the revised form. Dated: December 16, 2019. Scott Elmore, ICE PRA Clearance Officer. [FR Doc. 2019–27404 Filed 12–18–19; 8:45 am] BILLING CODE 9111–28–P E:\FR\FM\19DEN1.SGM 19DEN1

Agencies

[Federal Register Volume 84, Number 244 (Thursday, December 19, 2019)]
[Notices]
[Page 69761]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-27307]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY


Cybersecurity and Infrastructure Security Agency; Availability of 
Draft Binding Operational Directive 20-01

AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.

ACTION: Notice of availability; request for comments.

-----------------------------------------------------------------------

SUMMARY: Through this notice, CISA is making available a draft binding 
operational directive that will apply to all Federal, executive branch 
departments and agencies relating to vulnerability disclosure policies. 
The draft binding operational directive proposes requiring agencies to 
develop and publish a vulnerability disclosure policy (VDP) and 
maintain supporting handling procedures. This notice also requests 
comment on the draft binding operational directive.

DATES: Comments are due by December 27, 2019.

ADDRESSES: You may send comments by any of the following methods:
     Agency Website: For instructions on how to provide 
comments, please follow the instructions provided at https://cyber.dhs.gov/bod/20-01/.
     Email: [email protected]. Include ``Draft Binding 
Operational Directive 20-01'' in the subject line of the email.
    Instructions: The full text of the draft Binding Operational 
Directive 20-01 is available at https://cyber.dhs.gov./bod/20-01/. Do 
not submit comments that include trade secrets, confidential commercial 
or financial information, Chemical-terrorism Vulnerability Information 
(CVI), Protected Critical Infrastructure Information (PCII), or 
Sensitive Security Information (SSI). All written comments received 
will be posted without alteration at https://github.com/, including any 
personal information. Contact information submitted through email will 
not be posted to https://github.com/, except for any name and 
affiliation included in the comment.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (``DHS'' 
or ``the Department'') has the statutory responsibility, in 
consultation with the Office of Management and Budget, to administer 
the implementation of agency information security policies and 
practices for information systems, which includes assisting agencies 
and providing certain government-wide protections. 44 U.S.C. 3553(b). 
As part of that responsibility, the Department is authorized to 
``develop[ ] and oversee[ ] the implementation of binding operational 
directives to agencies to implement the policies, principles, 
standards, and guidance developed by the Director [of the Office of 
Management and Budget] and [certain] requirements of [the Federal 
Information Security Modernization Act of 2014.]'' 44 U.S.C. 
3553(b)(2). A binding operational directive (``BOD'') is ``a compulsory 
direction to an agency that (A) is for purposes of safeguarding Federal 
information and information systems from a known or reasonably 
suspected information security threat, vulnerability, or risk; [and] 
(B) [is] in accordance with policies, principles, standards, and 
guidelines issued by the Director[.]'' 44 U.S.C. 3552(b)(1). Agencies 
are required to comply with these directives. 44 U.S.C. 
3554(a)(1)(B)(ii).

Overview of Draft BOD 20-01

    On November 27, 2019, CISA posted draft directive 20-01, titled 
``Develop and Publish a Vulnerability Disclosure Policy,'' for public 
feedback at https://cyber.dhs.gov/bod/20-01. This directive requires 
each agency to develop and publish a vulnerability disclosure policy 
(VDP), enable receipt of unsolicited vulnerability reports, maintain 
supporting handling procedures for any vulnerability reports received, 
and report certain metrics to CISA. DHS is publishing this notice of 
availability to provide awareness of the draft binding operational 
directive being available now for review and comment.

    Dated: December 13, 2019.
Richard Driggers,
Deputy Assistant Director, Cybersecurity Division, Cybersecurity and 
Infrastructure Security Agency, Department of Homeland Security.
[FR Doc. 2019-27307 Filed 12-18-19; 8:45 am]
 BILLING CODE 9110-9P-P