Agency Information Collection Activities: Vulnerability Discovery Program, 70561-70562 [2019-27127]

Download as PDF Federal Register / Vol. 84, No. 246 / Monday, December 23, 2019 / Notices Dated: December 18, 2019. Seth D. Renkema, Branch Chief, Economic Impact Analysis Branch, U.S. Customs and Border Protection. [FR Doc. 2019–27662 Filed 12–20–19; 8:45 am] BILLING CODE 9111–14–P DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection [1651–0002] Agency Information Collection Activities: General Declaration U.S. Customs and Border Protection (CBP), Department of Homeland Security. ACTION: 60-Day notice and request for comments; extension of an existing collection of information. AGENCY: The Department of Homeland Security, U.S. Customs and Border Protection will be submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995 (PRA). The information collection is published in the Federal Register to obtain comments from the public and affected agencies. DATES: Comments are encouraged and must be submitted (no later than February 21, 2020) to be assured of consideration. SUMMARY: Written comments and/or suggestions regarding the item(s) contained in this notice must include the OMB Control Number 1651–0002 in the subject line and the agency name. To avoid duplicate submissions, please use only one of the following methods to submit comments: (1) Email. Submit comments to: CBP_ PRA@cbp.dhs.gov. (2) Mail. Submit written comments to CBP Paperwork Reduction Act Officer, U.S. Customs and Border Protection, Office of Trade, Regulations and Rulings, Economic Impact Analysis Branch, 90 K Street NE, 10th Floor, Washington, DC 20229–1177. FOR FURTHER INFORMATION CONTACT: Requests for additional PRA information should be directed to Seth Renkema, Chief, Economic Impact Analysis Branch, U.S. Customs and Border Protection, Office of Trade, Regulations and Rulings, 90 K Street NE, 10th Floor, Washington, DC 20229–1177, Telephone number 202–325–0056 or via email CBP_PRA@cbp.dhs.gov. Please note that the contact information provided here is solely for questions lotter on DSKBCFDHB2PROD with NOTICES ADDRESSES: VerDate Sep<11>2014 19:32 Dec 20, 2019 Jkt 250001 regarding this notice. Individuals seeking information about other CBP programs should contact the CBP National Customer Service Center at 877–227–5511, (TTY) 1–800–877–8339, or CBP website at https://www.cbp. gov/. SUPPLEMENTARY INFORMATION: CBP invites the general public and other Federal agencies to comment on the proposed and/or continuing information collections pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This process is conducted in accordance with 5 CFR 1320.8. Written comments and suggestions from the public and affected agencies should address one or more of the following four points: (1) whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (3) suggestions to enhance the quality, utility, and clarity of the information to be collected; and (4) suggestions to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses. The comments that are submitted will be summarized and included in the request for approval. All comments will become a matter of public record. Overview of This Information Collection Title: General Declaration (Outward/ Inward) Agriculture, Customs, Immigration, and Public Health. OMB Number: 1651–0002. Form Number: Form 7507. Action: CBP proposes to extend the expiration date of this information collection with no change to the burden hours. There is no change to the information collected or CBP Form 7507. Type of Review: Extension (without change). Abstract: As provided in 19 CFR 122.43, an aircraft commander or agent must file CBP Form 7507, General Declaration (Outward/Inward) Agriculture, Customs, Immigration, and Public Health at the time of arrival for all aircraft required to enter pursuant to 19 CFR 122.41. As provided in 19 CFR 122.72 and 122.73, an aircraft commander or agent must file this form PO 00000 Frm 00069 Fmt 4703 Sfmt 4703 70561 at the departure airport for all aircraft departing to a foreign area with commercial airport cargo. As provided in 19 CFR 122.144, this form must be presented to CBP for signature by the inspecting officer in the U.S. Virgin Islands for flights from the U.S. Virgin Islands to the U.S. This form is used to document clearance and inspections by appropriate regulatory agency staffs. CBP Form 7507 collects information about the flight routing, the number of passengers embarking and disembarking, the number of crew members, a declaration of health for the persons on board, and details about disinfecting and sanitizing treatments during the flight. This form also includes a declaration attesting to the accuracy, completeness, and truthfulness of all statements contained in the form and in any document attached to the form. CBP Form 7507 is authorized by 42 U.S.C 268, 19 U.S.C. 1431, 1433, and 1644a; and provided for by 19 CFR 122.43, 122.52, 122.54, 122.73, 122.144, 42 CFR 71.21 and 71.32. This form is accessible at: https://www.cbp.gov/ newsroom/publications/ forms?title=7507&=Apply. Affected Public: Businesses. Estimated Number of Respondents: 500. Estimated Number of Responses per Respondent: 2,644. Estimated Number of Total Annual Responses: 1,322,000. Estimated Time per Response: 5 minutes. Estimated Annual Burden Hours: 110,123. Dated: December 18, 2019. Seth D. Renkema, Branch Chief, Economic Impact Analysis Branch, U.S. Customs and Border Protection. [FR Doc. 2019–27663 Filed 12–20–19; 8:45 am] BILLING CODE P DEPARTMENT OF HOMELAND SECURITY Agency Information Collection Activities: Vulnerability Discovery Program Officer of the Chief Information Security Officer, Department of Homeland Security. ACTION: 30-Day notice and request for comments; New Collection, 1601–NEW. AGENCY: The Department of Homeland Security (DHS), Office of the Chief Information Security Officer, DHS will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for SUMMARY: E:\FR\FM\23DEN1.SGM 23DEN1 lotter on DSKBCFDHB2PROD with NOTICES 70562 Federal Register / Vol. 84, No. 246 / Monday, December 23, 2019 / Notices review and clearance in accordance with the Paperwork Reduction Act of 1995. DHS previously published this information collection request (ICR) in the Federal Register on Wednesday, August 28, 2019 for a 60-day public comment period. Two (2) comments were received by DHS. The purpose of this notice is to allow additional 30days for public comments. DATES: Comments are encouraged and will be accepted until January 22, 2020. This process is conducted in accordance with 5 CFR 1320.10. ADDRESSES: Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, Office of Management and Budget. Comments should be addressed to OMB Desk Officer, Department of Homeland Security and sent via electronic mail to dhsdeskofficer@ omb.eop.gov. The Office of Management and Budget is particularly interested in comments which: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; 3. Enhance the quality, utility, and clarity of the information to be collected; and 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses. SUPPLEMENTARY INFORMATION: Security vulnerabilities, defined in section 102(17) of the Cybersecurity Information Sharing Act of 2015, are any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control. Security vulnerability mitigation is a process starting with discovery of the vulnerability leading to applying some solution to resolve the vulnerability. There is constantly a search for security vulnerabilities within information systems, from individuals or nation states wishing to bypass security controls to gain invaluable information, to researchers seeking knowledge in the field of cyber security. Bypassing such VerDate Sep<11>2014 19:32 Dec 20, 2019 Jkt 250001 security controls in the DHS information systems can cause catastrophic damage including but not limited to loss in Personally Identifiable Information (PII), sensitive information gathering, and data manipulation. Pursuant to section 101 of the Strengthening and Enhancing Cybercapabilities by Utilizing Risk Exposure Technology Act commonly known as the SECURE Technologies Act individuals, organizations, and companies will be able to submit discovered security vulnerabilities on the Department of Homeland Security (DHS) Information Systems. This collection would be used by these individuals, organizations, and companies who choose to submit a discovered vulnerability in the information system of the DHS. The form will include the following essential information: • Vulnerable host(s) • Necessary information for reproducing the security vulnerability • Remediation or suggestions for remediation of the vulnerability • Potential impact on host, if not remediated This form will allow the DHS to do two things (1) allow the individuals, organizations, and companies who discover vulnerabilities in the information systems of DHS to report their findings to the DHS. (2) give DHS first insight into newly discovered vulnerabilities, as well as zero-day vulnerabilities in order to mitigate the security issues prior to malicious actors acting on the vulnerability for malicious intent. The form will benefit researchers as it will provide a safe and lawful way for them to practice and discover new skills while discovering the vulnerabilities. Meanwhile, it will provide the same benefit to the DHS, in addition to enhanced information system security following the vulnerability mitigation. Respondents will be able to fill the form out online at https://www.dhs.gov and submit it thereafter. Links to the form will also be available at any of the DHS components websites (https:// www.tsa.gov/, https://www.ice.gov/, etc.) The collection of this information regarding to discovered security vulnerabilities by individuals, organizations, and companies is needed to fulfil the congressional mandate in Section 101 of the SECURE Technologies Act regarding a Vulnerability Disclosure Policy. In addition, without the ability to collect information on newly discovered security vulnerabilities in DHS PO 00000 Frm 00070 Fmt 4703 Sfmt 4703 information systems, the DHS will rely solely on the internal security personnel and or discovery through post occurrence of such a breach on security controls. The is new collection. Analysis Agency: The Department of Homeland Security, Officer of the Chief Information Security Officer. Title: Vulnerability Discovery Program. OMB Number: 1601—New. Frequency: On Occasion. Affected Public: Private Sector. Number of Respondents: 3000. Estimated Time Per Respondent: 3 Hours. Total Burden Hours: 9000. Dated: December 3, 2019. Melissa Bruce, Executive Director, Business Management Office. [FR Doc. 2019–27127 Filed 12–20–19; 8:45 am] BILLING CODE 9112–fl–P DEPARTMENT OF THE INTERIOR Fish and Wildlife Service [FWS–R8–ES–2019–N111; FXES11140000– 189–FF08E00000] Proposed Upper Santa Ana River Habitat Conservation Plan and Draft Environmental Impact Statement; San Bernardino County, CA; Correction Fish and Wildlife Service, Interior. ACTION: Notice; correction. AGENCY: The U.S. Fish and Wildlife Service published a document in the December 9, 2019, Federal Register that announced the availability of a proposed habitat conservation plan (HCP) and a draft environmental impact statement for public comment. The subject heading of the document incorrectly referred to the ‘‘Upper Santa Ana River Habitat Conservation Plan’’ instead of the ‘‘Upper Santa Ana River Wash Habitat Conservation Plan,’’ which is the correct name of the HCP. FOR FURTHER INFORMATION CONTACT: Karin Cleary-Rose, 760–322–2070. SUPPLEMENTARY INFORMATION: SUMMARY: Correction In notice document 2019–26478, appearing at 84 FR 67292 in the issue of Monday, December 9, 2019, make the following correction: On page 67292, the subject heading should read ‘‘Proposed Upper Santa Ana River Wash Habitat Conservation Plan and Draft E:\FR\FM\23DEN1.SGM 23DEN1

Agencies

[Federal Register Volume 84, Number 246 (Monday, December 23, 2019)]
[Notices]
[Pages 70561-70562]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-27127]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY


Agency Information Collection Activities: Vulnerability Discovery 
Program

AGENCY: Officer of the Chief Information Security Officer, Department 
of Homeland Security.

ACTION: 30-Day notice and request for comments; New Collection, 1601-
NEW.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS), Office of the Chief 
Information Security Officer, DHS will submit the following information 
collection request (ICR) to the Office of Management and Budget (OMB) 
for

[[Page 70562]]

review and clearance in accordance with the Paperwork Reduction Act of 
1995. DHS previously published this information collection request 
(ICR) in the Federal Register on Wednesday, August 28, 2019 for a 60-
day public comment period. Two (2) comments were received by DHS. The 
purpose of this notice is to allow additional 30-days for public 
comments.

DATES: Comments are encouraged and will be accepted until January 22, 
2020. This process is conducted in accordance with 5 CFR 1320.10.

ADDRESSES: Interested persons are invited to submit written comments on 
the proposed information collection to the Office of Information and 
Regulatory Affairs, Office of Management and Budget. Comments should be 
addressed to OMB Desk Officer, Department of Homeland Security and sent 
via electronic mail to [email protected].
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

SUPPLEMENTARY INFORMATION: Security vulnerabilities, defined in section 
102(17) of the Cybersecurity Information Sharing Act of 2015, are any 
attribute of hardware, software, process, or procedure that could 
enable or facilitate the defeat of a security control. Security 
vulnerability mitigation is a process starting with discovery of the 
vulnerability leading to applying some solution to resolve the 
vulnerability. There is constantly a search for security 
vulnerabilities within information systems, from individuals or nation 
states wishing to bypass security controls to gain invaluable 
information, to researchers seeking knowledge in the field of cyber 
security. Bypassing such security controls in the DHS information 
systems can cause catastrophic damage including but not limited to loss 
in Personally Identifiable Information (PII), sensitive information 
gathering, and data manipulation.
    Pursuant to section 101 of the Strengthening and Enhancing Cyber-
capabilities by Utilizing Risk Exposure Technology Act commonly known 
as the SECURE Technologies Act individuals, organizations, and 
companies will be able to submit discovered security vulnerabilities on 
the Department of Homeland Security (DHS) Information Systems. This 
collection would be used by these individuals, organizations, and 
companies who choose to submit a discovered vulnerability in the 
information system of the DHS.
    The form will include the following essential information:

 Vulnerable host(s)
 Necessary information for reproducing the security 
vulnerability
 Remediation or suggestions for remediation of the 
vulnerability
 Potential impact on host, if not remediated

    This form will allow the DHS to do two things (1) allow the 
individuals, organizations, and companies who discover vulnerabilities 
in the information systems of DHS to report their findings to the DHS. 
(2) give DHS first insight into newly discovered vulnerabilities, as 
well as zero-day vulnerabilities in order to mitigate the security 
issues prior to malicious actors acting on the vulnerability for 
malicious intent. The form will benefit researchers as it will provide 
a safe and lawful way for them to practice and discover new skills 
while discovering the vulnerabilities. Meanwhile, it will provide the 
same benefit to the DHS, in addition to enhanced information system 
security following the vulnerability mitigation.
    Respondents will be able to fill the form out online at https://www.dhs.gov and submit it thereafter. Links to the form will also be 
available at any of the DHS components websites (https://www.tsa.gov/, 
https://www.ice.gov/, etc.)
    The collection of this information regarding to discovered security 
vulnerabilities by individuals, organizations, and companies is needed 
to fulfil the congressional mandate in Section 101 of the SECURE 
Technologies Act regarding a Vulnerability Disclosure Policy. In 
addition, without the ability to collect information on newly 
discovered security vulnerabilities in DHS information systems, the DHS 
will rely solely on the internal security personnel and or discovery 
through post occurrence of such a breach on security controls.
    The is new collection.

Analysis

    Agency: The Department of Homeland Security, Officer of the Chief 
Information Security Officer.
    Title: Vulnerability Discovery Program.
    OMB Number: 1601--New.
    Frequency: On Occasion.
    Affected Public: Private Sector.
    Number of Respondents: 3000.
    Estimated Time Per Respondent: 3 Hours.
    Total Burden Hours: 9000.

    Dated: December 3, 2019.
Melissa Bruce,
Executive Director, Business Management Office.
[FR Doc. 2019-27127 Filed 12-20-19; 8:45 am]
 BILLING CODE 9112-fl-P