CISA Reporting Forms, 516-518 [2019-28502]
Download as PDF
516
Federal Register / Vol. 85, No. 3 / Monday, January 6, 2020 / Notices
(Catalogue of Federal Domestic Assistance
Program Nos. 93.306, Comparative Medicine;
93.333, Clinical Research, 93.306, 93.333,
93.337, 93.393–93.396, 93.837–93.844,
93.846–93.878, 93.892, 93.893, National
Institutes of Health, HHS)
Dated: December 27, 2019.
Miguelina Perez,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2019–28431 Filed 1–3–20; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
National Institute of Mental Health;
Notice of Closed Meetings
lotter on DSKBCFDHB2PROD with NOTICES
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended, notice is hereby given of
meetings of the Board of Scientific
Counselors, National Institute of Mental
Health. The meetings will be closed to
the public as indicated below in
accordance with the provisions set forth
in sections 552b(c)(4) and 552b(c)(6),
Title 5 U.S.C., as amended for the
review, discussion, and evaluation of
individual grant applications conducted
by the NATIONAL INSTITUTE OF
MENTAL HEALTH, including
consideration of personnel
qualifications and performance, and the
competence of individual investigators,
the disclosure of which would
constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: Board of Scientific
Counselors, National Institute of Mental
Health.
Date: January 29–31, 2020.
Time: January 29, 2020, 5:30 p.m. to 8:55
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: Hyatt Regency Bethesda, Regency IV
Conference Room, 7400 Wisconsin Avenue,
Bethesda, MD 20814.
Time: January 30, 2020, 8:45 a.m. to 6:00
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Time: January 31, 2020, 9:00 a.m. to 1:00
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
VerDate Sep<11>2014
17:53 Jan 03, 2020
Jkt 250001
Contact Person: Jennifer E. Mehren, Ph.D.,
Scientific Advisor, Division of Intramural
Research Programs, National Institute of
Mental Health, NIH, 35A Convent Drive,
Room GE 412, Bethesda, MD 20892–3747,
301–496–3501, mehrenj@mail.nih.gov.
Name of Committee: Board of Scientific
Counselors, National Institute of Mental
Health.
Date: June 2–4, 2020.
Time: June 02, 2020, 9:00 a.m. to 5:00 p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Time: June 03, 2020, 9:00 a.m. to 5:00 p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Time: June 04, 2020, 9:00 a.m. to 5:00 p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Contact Person: Jennifer E. Mehren, Ph.D.,
Scientific Advisor, Division of Intramural
Research Programs, National Institute of
Mental Health, NIH, 35A Convent Drive,
Room GE 412, Bethesda, MD 20892–3747,
301–496–3501, mehrenj@mail.nih.gov.
Name of Committee: Board of Scientific
Counselors, National Institute of Mental
Health.
Date: October 20–22, 2020.
Time: October 20, 2020, 9:00 a.m. to 5:00
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Time: October 21, 2020, 9:00 a.m. to 5:00
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Time: October 22, 2020, 9:00 a.m. to 5:00
p.m.
Agenda: To review and evaluate personnel
qualifications and performance, and
competence of individual investigators.
Place: PORTER NEUROSCIENCE
RESEARCH CENTER, Building 35A, GE 620/
630/640, 35 Convent Drive, Bethesda, MD
20892.
Contact Person: Jennifer E. Mehren, Ph.D.
Scientific Advisor, Division of Intramural
Research Programs, National Institute of
Mental Health, NIH, 35A Convent Drive,
Room GE 412, Bethesda, MD 20892–3747,
301–496–3501, mehrenj@mail.nih.gov.
PO 00000
Frm 00024
Fmt 4703
Sfmt 4703
(Catalogue of Federal Domestic Assistance
Program No. 93.242, Mental Health Research
Grants, National Institutes of Health, HHS)
Dated: December 31, 2019.
Ronald J. Livingston, Jr.,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2019–28516 Filed 1–3–20; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HOMELAND
SECURITY
CISA Reporting Forms
Cybersecurity Division (CSD),
Cybersecurity and Infrastructure
Security Agency (CISA), Department of
Homeland Security (DHS).
ACTION: 30-Day notice and request for
comments; revision, 1670–0037.
AGENCY:
DHS CISA CSD will submit
the following Information Collection
Request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995. CISA previously published this
ICR for a 60-day public comment
period. No comments were received by
CISA. Following the 60-day notice,
CISA refined the reporter information
section of the CISA Incident Reporting
Form to improve the clarity, accuracy,
and effectiveness of the data being
collected. The purpose of this notice is
to allow an additional 30 days for public
comments.
DATES: Comments are encouraged and
will be accepted until February 5, 2020.
ADDRESSES: Interested persons are
invited to submit written comments on
the proposed information collection to
the Office of Information and Regulatory
Affairs, OMB. Comments should be
addressed to the OMB Desk Officer,
Department of Homeland Security and
sent via electronic mail to
dhsdeskofficer@omb.eop.gov. All
submissions must include the words
‘‘Department of Homeland Security’’
and the OMB Control Number 1670–
0037.
Comments submitted in response to
this notice may be made available to the
public through relevant websites. For
this reason, please do not include in
your comments information of a
confidential nature, such as sensitive
personal information or proprietary
information. If you send an email
comment, your email address will be
automatically captured and included as
part of the comment that is placed in the
public docket and made available on the
internet. Please note that responses to
SUMMARY:
E:\FR\FM\06JAN1.SGM
06JAN1
lotter on DSKBCFDHB2PROD with NOTICES
Federal Register / Vol. 85, No. 3 / Monday, January 6, 2020 / Notices
this public comment request containing
any routine notice about the
confidentiality of the communication
will be treated as public comments that
may be made available to the public
notwithstanding the inclusion of the
routine notice.
FOR FURTHER INFORMATION CONTACT:
Kenneth Lee at 703.705.6634 or at fed_
ir_update@hq.dhs.gov.
SUPPLEMENTARY INFORMATION: Section
2209 of the Homeland Security Act, as
amended, established a national
cybersecurity and communications
integration center to function as ‘‘a
Federal civilian interface for the multidirectional and cross-sector sharing of
information related to cyber threat
indicators, defensive measures,
cybersecurity risks, incidents, analysis,
and warnings for Federal and nonFederal entities.’’ 6 U.S.C. 659(c)(1). The
Federal Information Security
Modernization Act of 2014 (FISMA)
established a federal information
security incident center and required
the Department to operate it. 44 U.S.C.
3556(a).
The Cybersecurity and Infrastructure
Security Agency (CISA) operates the
federal information security incident
center. Through this center, FISMA
required the Department to provide
technical assistance and guidance on
detecting and handling security
incidents, compile and analyze incident
information that threatens information
security, inform agencies of current and
potential threats and vulnerabilities,
and provide intelligence or other
information about cyber threats,
vulnerabilities, and incidents to
agencies. 44 U.S.C. 3556(a). FISMA also
required agencies to report information
security incidents, major incidents, and
data breaches to the federal information
security incident center. 44 U.S.C.
3556(b) (information security incidents),
44 U.S.C. 3554(b)(7)(C)(iii)(III) (major
incidents); Public Law 113–283, 2(d)
(2014) (codified at 44 U.S.C. 3553, note
(Breaches)). The Cybersecurity
Information Sharing Act of 2015 (CISA
2015) requires DHS, in consultation
with interagency partners, to establish
the Federal Government’s capability and
process for receiving cyber threat
indicators and defensive measures, and
directs DHS to further share cyber threat
indicators and defensive measures it
receives with certain federal entities in
an automated and real-time manner. 6
U.S.C. 1504(c).
CISA is responsible for performing,
coordinating, and supporting response
to information security incidents, which
may originate outside the Federal
community and affect users within it, or
VerDate Sep<11>2014
17:53 Jan 03, 2020
Jkt 250001
originate within the Federal community
and affect users outside of it. Often,
therefore, the effective handling of
security incidents relies on information
sharing among individual users,
industry, and the Federal Government,
which may be facilitated by and through
CISA.
Per the Federal Information Security
Modernization Act of 2014, CISA
operates the Federal information
security incident center for the United
States federal government. Each federal
agency is required to notify and consult
with CISA regarding information
security incidents involving federal
information systems. Additional entities
report incident information to CISA
voluntarily.
CISA’s website (at US-CERT.gov) is a
primary tool used by constituents to
report incident information, access
information sharing products and
services, and interact with CISA.
Constituents, which may include
anyone or any entity in the public, use
forms located on the website to
complete these activities.
By accepting incident reports and
feedback, and interacting among federal
agencies, industry, the research
community, state and local
governments, and others to disseminate
reasoned and actionable cyber security
information to the public, CISA has
provided a way for citizens, businesses,
and other institutions to communicate
and coordinate directly with the Federal
Government about cybersecurity. The
information is collected via the
following forms:
1. The Incident Reporting Form, DHS
Cyber Threat Indicator and Defensive
Measure Submission System and
Malware Analysis Submission Form
enable end users to report incidents and
indicators as well as submit malware
artifacts associated with incidents to
CISA. This information is used by DHS
to conduct analyses and provide
warnings of system threats and
vulnerabilities, and to develop
mitigation strategies as appropriate. The
primary purpose for the collection of
this information is to allow DHS to
contact requestors regarding their
request.
2. The Mail Lists Form enables end
users to subscribe to the National Cyber
Awareness System’s mailing lists,
which deliver the content of and links
to CISA’s information sharing products.
The user must provide an email address
in order to subscribe or unsubscribe,
though both of these actions are
optional. The primary purpose for the
collection of this information is to allow
DHS to contact requestors regarding
their request.
PO 00000
Frm 00025
Fmt 4703
Sfmt 4703
517
3. The Cyber Security Evaluation Tool
(CSET) Download Form, which requests
the name, email address, organization,
infrastructure sector, country, and
intended use of those seeking to
download the CSET. All requested
fields are optional. The primary purpose
for the collection of this information is
to allow DHS to contact requestors
regarding their request.
In order to be responsive to an everchanging cybersecurity environment,
the forms may change to collect data
related to current capabilities or
vulnerabilities. Standards, guidelines,
and requirements of CISA are
perpetually adapting to the volatile
cybersecurity environment. CISA must
retain the ability to update these forms
as required, or CISA will be unable to
collect critical incident data in support
of our mission. Without the necessary
tools and methods to collect this
information, CISA will be unable to
effectively satisfy mission requirements
and support our stakeholders through
information collection, analysis, and
exchange. The general scope and
purpose of the forms will remain the
same.
Incident reports are primarily
submitted using CISA’s incident autosubmission interface. Alternately,
information may be collected through
web-based electronic forms, email, or
telephone. Web form submission is also
used as the collection method for the
other forms listed. These methods
enable individuals, private sector
entities, personnel working at other
federal or state agencies, and
international entities, including
individuals, companies and other
nations’ governments to submit
information.
This is a revision to an existing form.
The changes to the collection since the
previous OMB approval include:
updating the name of the Agency from
NPPD to CISA, updating the Incident
Reporting Form, removing the ICSJWG
FORM, and updating the burden and
cost estimates.
The Incident Reporting Form was
updated to add reporting options; and
updated to improve user-friendliness by
having the form be directional. The
changes include: Adding structured,
distinct options for reporting incidents,
major incidents, breaches, and events
under investigation; and adding fields to
collect expanded information on topics
including attack vectors, indicators of
compromise, communications from
compromised systems, critical
infrastructure sectors, memory captures,
system and network logs, and
unattributed cyber intrusions.
E:\FR\FM\06JAN1.SGM
06JAN1
518
Federal Register / Vol. 85, No. 3 / Monday, January 6, 2020 / Notices
This is a revised information
collection.
OMB is particularly interested in
comments that:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
whether the information will have
practical utility;
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques or
other forms of information technology,
e.g., permitting electronic submissions
of responses.
Title of Collection: CISA Reporting
Forms.
OMB Control Number: 1670–0037.
Frequency: Annually.
Affected Public: State, Local, Tribal,
and Territorial Governments, Private
Sector, and Academia.
Number of Annualized Respondents:
139,125.
Estimated Time per Respondent:
0.3333 hours, 0.1667 hours, or 0.0167
hours.
Total Annualized Burden Hours:
13,852 hours.
Total Annualized Respondent
Opportunity Cost: $504,494.
Total Annualized Respondent Out-ofPocket Cost: $0.
Total Annualized Government Cost:
$2,100,032.
Larry L. Willis,
Deputy Chief Information Security Officer.
[FR Doc. 2019–28502 Filed 1–3–20; 8:45 am]
BILLING CODE 9110–9P–P
[Docket No. FR–7012–N–10]
60-Day Notice of Proposed Information
Collection: Section 8 Moderate
Rehabilitation Single Room Occupancy
(SRO) Program
Office of Community Planning
and Development, HUD.
ACTION: Notice.
AGENCY:
HUD is seeking approval from
the Office of Management and Budget
(OMB) for the information collection
described below. In accordance with the
Paperwork Reduction Act, HUD is
requesting comment from all interested
parties on the proposed collection of
information. The purpose of this notice
is to allow for 60 days of public
comment.
SUMMARY:
DATES:
Comments Due Date: March 6,
2020.
Interested persons are
invited to submit comments regarding
this proposal. Comments should refer to
the proposal by name and/or OMB
Control Number and should be sent to:
Colette Pollard, Reports Management
Officer, QDAM, Department of Housing
and Urban Development, 451 7th Street
SW, Room 4176, Washington, DC
20410–5000; telephone 202–402–3400
(this is not a toll-free number) or email
at Colette.Pollard@hud.gov for a copy of
the proposed forms or other available
information. Persons with hearing or
speech impairments may access this
number through TTY by calling the tollfree Federal Relay Service at 800–877–
8339.
FOR FURTHER INFORMATION CONTACT:
Michell M. McBee, Special Needs
Assistance Specialist, Office of Special
Needs Assistance Programs, Community
Planning and Development, U.S. Dept of
Housing and Urban Development
(HUD), 451 7th Street SW, Washington,
ADDRESSES:
DC 20410; email Michell M. McBee at
Michell.M.McBee@hud.gov or telephone
202–402–2799. This is not a toll-free
number. Persons with hearing or speech
impairments may access this number
through TTY by calling the toll-free
Federal Relay Service at 800–877–8339.
Copies of available documents
submitted to OMB may be obtained
from Ms. McBee.
This
notice informs the public that HUD is
seeking approval from OMB for the
information collection described in
Section A.
SUPPLEMENTARY INFORMATION:
A. Overview of Information Collection
Title of Information Collection:
Section 8 Moderate Rehabilitation
Single Room Occupancy (SRO) Program
Renewal.
OMB Approval Number: 2506–New.
Type of Request: New.
Description of the need for the
information and proposed use: The Rent
Calculation Worksheet is used at the
beginning of the renewal contract term
to determine the rent cost and can be in
effect until contract rents for units in the
project are adjusted. The amounts of the
monthly contract rents are in
accordance with HUD requirements by
using the Operating Cost Allocation
Factor (OCAF). The Renewal Contract is
a Housing Assistance Payments contract
(HAP) between the Public Housing
Authority and the owner of the project.
Respondents (i.e., affected public):
Homeless individuals, Public Housing
Authorities, Property/Project Owners.
Estimated Number of Respondents:
378.
Estimated Number of Responses: 378.
Frequency of Response: Annually.
Average Hours per Response: 2.
Total Estimated Burdens: 756 hrs
annually.
Information collection
Number of
respondents
Frequency of
response
Responses
per annum
Burden
hour per
response
Annual
burden
hours
Hourly
cost per
response
Annual cost
HAP Contract with Rent
Calculation addendum ...........................
378
1
1
2
756
$40.10
30,315.60
........................
........................
........................
........................
........................
........................
........................
Total ......................
lotter on DSKBCFDHB2PROD with NOTICES
DEPARTMENT OF HOUSING AND
URBAN DEVELOPMENT
Hourly Rate at a GS–12 Level: $40.10.
B. Solicitation of Public Comment
This notice is soliciting comments
from members of the public and affected
parties concerning the collection of
VerDate Sep<11>2014
17:53 Jan 03, 2020
Jkt 250001
information described in Section A on
the following:
(1) Whether the proposed collection
of information is necessary for the
proper performance of the functions of
PO 00000
Frm 00026
Fmt 4703
Sfmt 4703
the agency, including whether the
information will have practical utility;
(2) The accuracy of the agency’s
estimate of the burden of the proposed
collection of information;
E:\FR\FM\06JAN1.SGM
06JAN1
Agencies
[Federal Register Volume 85, Number 3 (Monday, January 6, 2020)]
[Notices]
[Pages 516-518]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-28502]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
CISA Reporting Forms
AGENCY: Cybersecurity Division (CSD), Cybersecurity and Infrastructure
Security Agency (CISA), Department of Homeland Security (DHS).
ACTION: 30-Day notice and request for comments; revision, 1670-0037.
-----------------------------------------------------------------------
SUMMARY: DHS CISA CSD will submit the following Information Collection
Request (ICR) to the Office of Management and Budget (OMB) for review
and clearance in accordance with the Paperwork Reduction Act of 1995.
CISA previously published this ICR for a 60-day public comment period.
No comments were received by CISA. Following the 60-day notice, CISA
refined the reporter information section of the CISA Incident Reporting
Form to improve the clarity, accuracy, and effectiveness of the data
being collected. The purpose of this notice is to allow an additional
30 days for public comments.
DATES: Comments are encouraged and will be accepted until February 5,
2020.
ADDRESSES: Interested persons are invited to submit written comments on
the proposed information collection to the Office of Information and
Regulatory Affairs, OMB. Comments should be addressed to the OMB Desk
Officer, Department of Homeland Security and sent via electronic mail
to [email protected]. All submissions must include the words
``Department of Homeland Security'' and the OMB Control Number 1670-
0037.
Comments submitted in response to this notice may be made available
to the public through relevant websites. For this reason, please do not
include in your comments information of a confidential nature, such as
sensitive personal information or proprietary information. If you send
an email comment, your email address will be automatically captured and
included as part of the comment that is placed in the public docket and
made available on the internet. Please note that responses to
[[Page 517]]
this public comment request containing any routine notice about the
confidentiality of the communication will be treated as public comments
that may be made available to the public notwithstanding the inclusion
of the routine notice.
FOR FURTHER INFORMATION CONTACT: Kenneth Lee at 703.705.6634 or at
[email protected].
SUPPLEMENTARY INFORMATION: Section 2209 of the Homeland Security Act,
as amended, established a national cybersecurity and communications
integration center to function as ``a Federal civilian interface for
the multi-directional and cross-sector sharing of information related
to cyber threat indicators, defensive measures, cybersecurity risks,
incidents, analysis, and warnings for Federal and non-Federal
entities.'' 6 U.S.C. 659(c)(1). The Federal Information Security
Modernization Act of 2014 (FISMA) established a federal information
security incident center and required the Department to operate it. 44
U.S.C. 3556(a).
The Cybersecurity and Infrastructure Security Agency (CISA)
operates the federal information security incident center. Through this
center, FISMA required the Department to provide technical assistance
and guidance on detecting and handling security incidents, compile and
analyze incident information that threatens information security,
inform agencies of current and potential threats and vulnerabilities,
and provide intelligence or other information about cyber threats,
vulnerabilities, and incidents to agencies. 44 U.S.C. 3556(a). FISMA
also required agencies to report information security incidents, major
incidents, and data breaches to the federal information security
incident center. 44 U.S.C. 3556(b) (information security incidents), 44
U.S.C. 3554(b)(7)(C)(iii)(III) (major incidents); Public Law 113-283,
2(d) (2014) (codified at 44 U.S.C. 3553, note (Breaches)). The
Cybersecurity Information Sharing Act of 2015 (CISA 2015) requires DHS,
in consultation with interagency partners, to establish the Federal
Government's capability and process for receiving cyber threat
indicators and defensive measures, and directs DHS to further share
cyber threat indicators and defensive measures it receives with certain
federal entities in an automated and real-time manner. 6 U.S.C.
1504(c).
CISA is responsible for performing, coordinating, and supporting
response to information security incidents, which may originate outside
the Federal community and affect users within it, or originate within
the Federal community and affect users outside of it. Often, therefore,
the effective handling of security incidents relies on information
sharing among individual users, industry, and the Federal Government,
which may be facilitated by and through CISA.
Per the Federal Information Security Modernization Act of 2014,
CISA operates the Federal information security incident center for the
United States federal government. Each federal agency is required to
notify and consult with CISA regarding information security incidents
involving federal information systems. Additional entities report
incident information to CISA voluntarily.
CISA's website (at US-CERT.gov) is a primary tool used by
constituents to report incident information, access information sharing
products and services, and interact with CISA. Constituents, which may
include anyone or any entity in the public, use forms located on the
website to complete these activities.
By accepting incident reports and feedback, and interacting among
federal agencies, industry, the research community, state and local
governments, and others to disseminate reasoned and actionable cyber
security information to the public, CISA has provided a way for
citizens, businesses, and other institutions to communicate and
coordinate directly with the Federal Government about cybersecurity.
The information is collected via the following forms:
1. The Incident Reporting Form, DHS Cyber Threat Indicator and
Defensive Measure Submission System and Malware Analysis Submission
Form enable end users to report incidents and indicators as well as
submit malware artifacts associated with incidents to CISA. This
information is used by DHS to conduct analyses and provide warnings of
system threats and vulnerabilities, and to develop mitigation
strategies as appropriate. The primary purpose for the collection of
this information is to allow DHS to contact requestors regarding their
request.
2. The Mail Lists Form enables end users to subscribe to the
National Cyber Awareness System's mailing lists, which deliver the
content of and links to CISA's information sharing products. The user
must provide an email address in order to subscribe or unsubscribe,
though both of these actions are optional. The primary purpose for the
collection of this information is to allow DHS to contact requestors
regarding their request.
3. The Cyber Security Evaluation Tool (CSET) Download Form, which
requests the name, email address, organization, infrastructure sector,
country, and intended use of those seeking to download the CSET. All
requested fields are optional. The primary purpose for the collection
of this information is to allow DHS to contact requestors regarding
their request.
In order to be responsive to an ever-changing cybersecurity
environment, the forms may change to collect data related to current
capabilities or vulnerabilities. Standards, guidelines, and
requirements of CISA are perpetually adapting to the volatile
cybersecurity environment. CISA must retain the ability to update these
forms as required, or CISA will be unable to collect critical incident
data in support of our mission. Without the necessary tools and methods
to collect this information, CISA will be unable to effectively satisfy
mission requirements and support our stakeholders through information
collection, analysis, and exchange. The general scope and purpose of
the forms will remain the same.
Incident reports are primarily submitted using CISA's incident
auto-submission interface. Alternately, information may be collected
through web-based electronic forms, email, or telephone. Web form
submission is also used as the collection method for the other forms
listed. These methods enable individuals, private sector entities,
personnel working at other federal or state agencies, and international
entities, including individuals, companies and other nations'
governments to submit information.
This is a revision to an existing form. The changes to the
collection since the previous OMB approval include: updating the name
of the Agency from NPPD to CISA, updating the Incident Reporting Form,
removing the ICSJWG FORM, and updating the burden and cost estimates.
The Incident Reporting Form was updated to add reporting options;
and updated to improve user-friendliness by having the form be
directional. The changes include: Adding structured, distinct options
for reporting incidents, major incidents, breaches, and events under
investigation; and adding fields to collect expanded information on
topics including attack vectors, indicators of compromise,
communications from compromised systems, critical infrastructure
sectors, memory captures, system and network logs, and unattributed
cyber intrusions.
[[Page 518]]
This is a revised information collection.
OMB is particularly interested in comments that:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
Title of Collection: CISA Reporting Forms.
OMB Control Number: 1670-0037.
Frequency: Annually.
Affected Public: State, Local, Tribal, and Territorial Governments,
Private Sector, and Academia.
Number of Annualized Respondents: 139,125.
Estimated Time per Respondent: 0.3333 hours, 0.1667 hours, or
0.0167 hours.
Total Annualized Burden Hours: 13,852 hours.
Total Annualized Respondent Opportunity Cost: $504,494.
Total Annualized Respondent Out-of-Pocket Cost: $0.
Total Annualized Government Cost: $2,100,032.
Larry L. Willis,
Deputy Chief Information Security Officer.
[FR Doc. 2019-28502 Filed 1-3-20; 8:45 am]
BILLING CODE 9110-9P-P