Agency Information Collection Activities: Nationwide Cyber Security Review (NCSR) Assessment, 59814-59816 [2022-21407]

Download as PDF 59814 Federal Register / Vol. 87, No. 190 / Monday, October 3, 2022 / Notices suggestion or recommendation. You should provide personal contact information so that we can contact you if we have questions regarding your comments; but please note that all comments will be posted to the online docket without change and that any personal information you include can be searchable online. For more about privacy and the docket, visit https:// www.regulations.gov/privacyNotice. We do accept anonymous comments. We encourage you to submit comments through the Federal Portal at https://www.regulations.gov. If your material cannot be submitted using https://www.regulations.gov, contact the Coast Guard (see FOR FURTHER INFORMATION CONTACT). Documents mentioned in this notice and all public comments, will be in our online docket at https://www.regulations.gov and can be viewed by following that website’s instructions. Additionally, if you go to the online docket and sign up for email alerts, you will be notified when comments are posted. Do not submit detailed proposals for future CRADAs to https:// www.regulations.gov. Instead, submit them directly to the Coast Guard (see FOR FURTHER INFORMATION CONTACT). lotter on DSK11XQN23PROD with NOTICES1 Discussion CRADAs are authorized under 15 U.S.C. 3710(a).1 A CRADA promotes the transfer of technology to the private sector for commercial use, as well as specified research or development efforts that are consistent with the mission of the Federal parties to the CRADA. The Federal party or parties agree with one or more non-Federal parties to share research resources, but the Federal party does not contribute funding. CRADAs are not procurement contracts. Care is taken to ensure that CRADAs are not used to circumvent the contracting process. CRADAs have a specific purpose and should not be confused with procurement contracts, grants, and other type of agreements. Under the proposed CRADA, the Coast Guard’s Research and Development Center (R&DC) will collaborate with one or more nonFederal participants. Together, the R&DC and the non-Federal participants will identify the capabilities, benefits, risks, and technical limitations of enhancing air surveillance radar systems. 1 The statute confers this authority on the head of each Federal agency. The Secretary of DHS’s authority is delegated to the Coast Guard and other DHS organizational elements by DHS Delegation No. 0160.1, para. II.B.34. VerDate Sep<11>2014 19:00 Sep 30, 2022 Jkt 259001 We anticipate that the Coast Guard’s contributions under the proposed CRADA will include the following: (1) Provide end user input on operational needs and assessment of system performance; (2) In conjunction with the nonFederal participant(s), assist in developing the evaluation test plan to be executed to meet the objectives of the CRADA; (3) Provide qualified UAS operators for operation of UAS, as required under the CRADA; (4) Provide the test range, test range support, facilities, and all approvals for operation of UAS as required under the CRADA; (5) In conjunction with the nonFederal participant(s), assist with the development of a final report or brief that documents the methodologies, findings, conclusions, and recommendations under this CRADA. We anticipate that the non-Federal participants’ contributions under the proposed CRADA will include the following: (1) Provide the air surveillance radar system and all other equipment required to conduct the evaluation as described in the test plan developed under this CRADA; (2) Provide operators, as required, to operate and maintain the equipment to conduct the evaluation as described in the test plan; (3) Provide shipment and delivery of all equipment for this evaluation; (4) Provide personnel, travel, and other associated expenses as required; (5) Collect and analyze evaluation test plan data; and (6) Collaboratively develop a final report documenting the methodologies, findings, conclusions, and recommendations of this CRADA work. The Coast Guard reserves the right to select for CRADA participants all, some, or no proposals submitted for this CRADA. The Coast Guard will provide no funding for reimbursement of proposal development costs. Proposals and any other material submitted in response to this notice will not be returned. Proposals submitted are expected to be unclassified and have no more than five single-sided pages (excluding cover page, DD 1494, JF–12, etc.). The Coast Guard will select proposals at its sole discretion on the basis of: (1) How well they communicate an understanding of, and ability to meet, the proposed CRADA’s goal; and (2) How well they address the following criteria: (a) Technical capability to support the non-Federal party contributions described; and PO 00000 Frm 00045 Fmt 4703 Sfmt 4703 (b) Resources available for supporting the non-Federal party contributions described. Currently, RADA Technologies LLC is being considered for participation in this CRADA because they have an air surveillance radar system solution in place for providing track classification and discrimination. However, we do not wish to exclude other viable participants from this or future similar CRADAs. The goal of this CRADA is to evaluate track classification and discrimination technology and address its ability to perform specific operations. Special consideration will be given to small business firms/consortia, and preference will be given to business units located in the U.S. This notice is issued under the authority of 5 U.S.C. 552(a) and 15 U.S.C. 3710(a). Dated: September 22, 2022. Daniel P. Keane, Captain, Commanding Officer, U.S. Coast Guard Research and Development Center, USCG. [FR Doc. 2022–21388 Filed 9–30–22; 8:45 am] BILLING CODE 9110–04–P DEPARTMENT OF HOMELAND SECURITY [Docket No. CISA–2022–0011] Agency Information Collection Activities: Nationwide Cyber Security Review (NCSR) Assessment Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS). ACTION: 60-Day notice and request for comments; existing collection, 1670– 0040 AGENCY: CISA will submit the following renewal information for an existing collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. DATES: Comments are encouraged and will be accepted until December 2, 2022. SUMMARY: You may submit comments, identified by docket number CISA– 1670–0040, by the following method: • Federal eRulemaking Portal: https:// www.regulations.gov. Please follow the instructions for submitting comments. Instructions: All submissions received must include the words ‘‘Cybersecurity and Infrastructure Security Agency’’ and docket number CISA–2022–0011. ADDRESSES: E:\FR\FM\03OCN1.SGM 03OCN1 lotter on DSK11XQN23PROD with NOTICES1 Federal Register / Vol. 87, No. 190 / Monday, October 3, 2022 / Notices Comments received will be posted without alteration at https:// www.regulations.gov, including any personal information provided. Comments submitted in response to this notice may be made available to the public through relevant websites. For this reason, please do not include in your comments information of a confidential nature, such as sensitive personal information or proprietary information. Please note that responses to this public comment request containing any routine notice about the confidentiality of the communication will be treated as public comments that may be made available to the public notwithstanding the inclusion of the routine notice. FOR FURTHER INFORMATION CONTACT: For specific questions related to collection activities, please contact Amy Nicewick at 703–203–0634 or at CISA.CSD.JCDC_ MS-ISAC@cisa.dhs.gov. Docket: For access to the docket to read background documents or comments received, go to https:// www.regulations.gov. SUPPLEMENTARY INFORMATION: The Homeland Security Act of 2002, as amended, established ‘‘a national cybersecurity and communications integration center [‘‘the Center,’’ now constituted as CSD] . . . to carry out certain responsibilities of the Under Secretary,’’ including the provision of assessments. 6 U.S.C. 659(b). The Act also directs the composition of the Center to include an entity that collaborates with State and local governments on cybersecurity risks and incidents and has entered into a voluntary information sharing relationship with the Center. 6 U.S.C. 659(d)(1)(E). The Multistate Information Sharing and Analysis Center (MS–ISAC) currently fulfills this function. CSD funds the MS–ISAC through a Cooperative Agreement and maintains a close relationship with this entity. As part of the Cooperative Agreement, CISA directs the MS–ISAC to produce the NCSR as contemplated by Congress. Generally, CSD has authority to perform risk and vulnerability assessments for Federal and non-Federal entities, with consent and upon request. CSD performs these assessments in accordance with its authority to provide voluntary technical assistance to Federal and non-Federal entities. See 6 U.S.C. 659(c)(6). This authority is consistent with the Department’s responsibility to ‘‘[c]onduct comprehensive assessments of the vulnerabilities of the Nation’s critical infrastructure in coordination with the SSAs [Sector-Specific Agencies] and in VerDate Sep<11>2014 19:00 Sep 30, 2022 Jkt 259001 collaboration with SLTT [State, Local, Tribal, and Territorial] entities and critical infrastructure owners and operators.’’ Presidential Policy Directive (PPD)–21, at 3. A private sector entity or state and local government agency also has discretion to use a self-assessment tool offered by CSD or request CSD to perform an on-site risk and vulnerability assessment. See 6 U.S.C. 659(c)(6). The NCSR is a voluntary annual selfassessment. In its reports to the Department of Homeland Security Appropriations Act, 2010, Congress requested a Nationwide Cyber Security Review (NCSR) from the National Cyber Security Division (NCSD), the predecessor organization of the Cybersecurity Division (CSD). S. Rep. No. 111–31, at 91 (2009), H.R. Rep. No. 111–298, at 96 (2009). The House Conference Report accompanying the Department of Homeland Security Appropriations Act, 2010 ‘‘note[d] the importance of a comprehensive effort to assess the security level of cyberspace at all levels of government’’ and directed DHS to ‘‘develop the necessary tools for all levels of government to complete a cyber network security assessment so that a full measure of gaps and capabilities can be completed in the near future.’’ H.R. Rep. No. 111–298, at 96 (2009). Concurrently, in its report accompanying the Department of Homeland Security Appropriations Bill, 2010, the Senate Committee on Appropriations recommended that DHS ‘‘report on the status of cyber security measures in place, and gaps in all 50 States and the largest urban areas.’’ S. Rep. No. 111–31, at 91 (2009). Upon submission of the first NCSR report in March 2012, Congress further clarified its expectation ‘‘that this survey will be updated every other year so that progress may be charted and further areas of concern may be identified.’’ S. Rep. No. 112–169, at 100 (2012). In each subsequent year, Congress has referenced this NCSR in its explanatory comments and recommendations accompanying the Department of Homeland Security Appropriations. Consistent with Congressional mandates, CSD developed the NCSR to measure the gaps and capabilities of cybersecurity programs within SLTT governments. Using the anonymous results of the NCSR, CISA delivers a bi-annual summary report to Congress that provides a broad picture of the current cybersecurity gaps & capabilities of SLTT governments across the nation. The assessment allows SLTT governments to manage cybersecurity related risks through the NIST Cybersecurity Framework (CSF) which PO 00000 Frm 00046 Fmt 4703 Sfmt 4703 59815 consists of best practices, standards, and guidelines. In efforts of continuously providing Congress with an accurate representation of the SLTT gaps and capabilities the NCSR question set may slightly change from year-to-year. The NCSR is an annual voluntary selfassessment that is hosted on LogicManager, which is a technology platform that provides a foundation for managing policies, controls, risks, assessments, and deficiencies across organizational lines of business. The NCSR self-assessment runs every year from October–February. In efforts to increase participation, the deadline is sometimes extended. The target audience for the NCSR are personnel within the SLTT community who are responsible for the cybersecurity management within their organization. Through the NCSR, CISA and MS– ISAC will examine relationships, interactions, and processes governing IT management and the ability to effectively manage operational risk. Using the anonymous results of the NCSR, CISA delivers a biannual summary report to Congress that provides a broad picture of the cybersecurity gaps and capabilities of SLTT governments across the nation. The bi-annual summary report is shared with MS–ISAC members, NCSR End Users, and Congress. The report is also available on the MS–ISAC website, https://www.cisecurity.org/ms-isac/ services/ncsr/. Upon submission of the NCSR selfassessment, participants will immediately receive access to several reports specific to their organization and their cybersecurity posture. Additionally, after the annual NCSR survey closes, there will be a brief NCSR End User Survey offered to everyone who completed the NSCR assessment. The survey will provide feedback on participants’ experiences, such as how they heard about the NCSR, what they found or did not find useful, how they will utilize the results of their assessment, and other information about their current and future interactions with the NCSR. The NCSR assessment requires approximately two hours for completion and is located on the LogicManager Platform. During the assessment period, participants can respond at their own pace with the ability to save their progress during each session. If additional support is needed, participants can contact the NCSR helpdesk via phone and email. The NCSR End User survey will be fully electronic. It contains less than 30 multiple choice and fill-in-the-blank answers and takes approximately 10 E:\FR\FM\03OCN1.SGM 03OCN1 lotter on DSK11XQN23PROD with NOTICES1 59816 Federal Register / Vol. 87, No. 190 / Monday, October 3, 2022 / Notices minutes to complete. The feedback survey will be administered via Survey Monkey and settings will be updated to opt out of collecting participants’ IP addresses. There are no recordkeeping, capital, start-up, or maintenance costs associated with this information collection. There is no submission or filing fee associated with this collection. As all forms are completed via the LogicManager platform and SurveyMonkey, there are no associated collection, printing, or mailing costs. This is a renewal for an existing information collection not a new collection. OMB is particularly interested in comments that: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility. 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used. 3. Enhance the quality, utility, and clarity of the information to be collected. 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses. Title of Collection: Nationwide Cyber Security Review Assessment. OMB Control Number: CISA–1670– 0040. Frequency: Annually. Affected Public: State, Local, Tribal, and Territorial entities. Number of Respondents for NCSR Assessment: 3,112. Estimated Time per Respondent Respondents for NCSR Assessment: 2 hours. Number of Respondents for NCSR End User Survey: 215. Estimated Time per Respondent for NCSR End User Survey: 0.17 hours (10 minutes). Total Burden Hours: 6,260. Total Burden Cost (Capital/Startup): $0. Total Recordkeeping Burden: $0. Total Burden Cost (Operating/ Maintaining): $0 VerDate Sep<11>2014 19:00 Sep 30, 2022 Jkt 259001 Total Hourly Burden Cost: $389,427. Robert Costello, Chief Information Officer, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security. [FR Doc. 2022–21407 Filed 9–30–22; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Intent To Request an Extension From OMB of One Current Public Collection of Information: Pipeline Corporate Security Review Program Transportation Security Administration, DHS. ACTION: 60-day notice. AGENCY: The Transportation Security Administration (TSA) invites public comment on one currently-approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652–0056, abstracted below, that we will submit to OMB for an extension in compliance with the Paperwork Reduction Act (PRA). On July 29, 2022, OMB approved TSA’s request for an emergency revision of this collection to address the ongoing cybersecurity threat to pipeline systems and associated infrastructure. TSA is now seeking to renew the collection, which expires on January 31, 2023, with incorporation of the subject of the emergency revision. The ICR describes the nature of the information collection and its expected burden. The collection allows TSA to assess the current security practices in the pipeline industry through TSA’s Pipeline Corporate Security Review (PCSR) program and allows for the continued institution of mandatory cybersecurity requirements under the TSA Security Directive (SD) Pipeline 2021–02 series. The PCSR program is part of the larger domain awareness, prevention, and protection program supporting TSA’s and the Department of Homeland Security’s missions. The updated ICR reflects changes to collection requirements based on TSA’s update to the TSA SD 2021–02 series, released on July 21, 2022. DATES: Send your comments by December 2, 2022. ADDRESSES: Comments may be emailed to TSAPRA@tsa.dhs.gov or delivered to the TSA PRA Officer, Information Technology (IT), TSA–11, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598–6011. SUMMARY: PO 00000 Frm 00047 Fmt 4703 Sfmt 4703 FOR FURTHER INFORMATION CONTACT: Christina A. Walsh at the above address, or by telephone (571) 227–2062. SUPPLEMENTARY INFORMATION: Comments Invited In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at https://www.reginfo.gov upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to— (1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) Evaluate the accuracy of the agency’s estimate of the burden; (3) Enhance the quality, utility, and clarity of the information to be collected; and (4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology. Information Collection Requirement OMB Control Number 1652–0056; Pipeline Corporate Security Review (PCSR) Program. Under the Aviation and Transportation Security Act 1 and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for ‘‘security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.’’ 2 TSA is specifically empowered to assess threats to transportation; 3 develop policies, strategies, and plans for dealing with 1 Public Law 107–71 (115 Stat. 597; Nov. 19, 2001), codified at 49 U.S.C. 114. 2 See 49 U.S.C. 114(d). The TSA Administrator’s current authorities under the Aviation and Transportation Security Act have been delegated to him by the Secretary of Homeland Security. Section 403(2) of the Homeland Security Act (HSA) of 2002, Public Law 107–296 (116 Stat. 2135, Nov. 25, 2002), transferred all functions of TSA, including those of the Secretary of Transportation and the Under Secretary of Transportation of Security related to TSA, to the Secretary of Homeland Security. Pursuant to DHS Delegation Number 7060.2, the Secretary delegated to the Administrator of TSA, subject to the Secretary’s guidance and control, the authority vested in the Secretary with respect to TSA, including that in section 403(2) of the HSA. 3 49 U.S.C. 114(f)(2). E:\FR\FM\03OCN1.SGM 03OCN1

Agencies

[Federal Register Volume 87, Number 190 (Monday, October 3, 2022)]
[Notices]
[Pages 59814-59816]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-21407]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2022-0011]


Agency Information Collection Activities: Nationwide Cyber 
Security Review (NCSR) Assessment

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 60-Day notice and request for comments; existing collection, 
1670-0040

-----------------------------------------------------------------------

SUMMARY: CISA will submit the following renewal information for an 
existing collection request (ICR) to the Office of Management and 
Budget (OMB) for review and clearance in accordance with the Paperwork 
Reduction Act of 1995.

DATES: Comments are encouraged and will be accepted until December 2, 
2022.

ADDRESSES: You may submit comments, identified by docket number CISA-
1670-0040, by the following method:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Please follow the instructions for submitting comments.
    Instructions: All submissions received must include the words 
``Cybersecurity and Infrastructure Security Agency'' and docket number 
CISA-2022-0011.

[[Page 59815]]

Comments received will be posted without alteration at https://www.regulations.gov, including any personal information provided. 
Comments submitted in response to this notice may be made available to 
the public through relevant websites. For this reason, please do not 
include in your comments information of a confidential nature, such as 
sensitive personal information or proprietary information. Please note 
that responses to this public comment request containing any routine 
notice about the confidentiality of the communication will be treated 
as public comments that may be made available to the public 
notwithstanding the inclusion of the routine notice.

FOR FURTHER INFORMATION CONTACT: For specific questions related to 
collection activities, please contact Amy Nicewick at 703-203-0634 or 
at [email protected].
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

SUPPLEMENTARY INFORMATION: The Homeland Security Act of 2002, as 
amended, established ``a national cybersecurity and communications 
integration center [``the Center,'' now constituted as CSD] . . . to 
carry out certain responsibilities of the Under Secretary,'' including 
the provision of assessments. 6 U.S.C. 659(b). The Act also directs the 
composition of the Center to include an entity that collaborates with 
State and local governments on cybersecurity risks and incidents and 
has entered into a voluntary information sharing relationship with the 
Center. 6 U.S.C. 659(d)(1)(E). The Multistate Information Sharing and 
Analysis Center (MS-ISAC) currently fulfills this function. CSD funds 
the MS-ISAC through a Cooperative Agreement and maintains a close 
relationship with this entity. As part of the Cooperative Agreement, 
CISA directs the MS-ISAC to produce the NCSR as contemplated by 
Congress.
    Generally, CSD has authority to perform risk and vulnerability 
assessments for Federal and non-Federal entities, with consent and upon 
request. CSD performs these assessments in accordance with its 
authority to provide voluntary technical assistance to Federal and non-
Federal entities. See 6 U.S.C. 659(c)(6). This authority is consistent 
with the Department's responsibility to ``[c]onduct comprehensive 
assessments of the vulnerabilities of the Nation's critical 
infrastructure in coordination with the SSAs [Sector-Specific Agencies] 
and in collaboration with SLTT [State, Local, Tribal, and Territorial] 
entities and critical infrastructure owners and operators.'' 
Presidential Policy Directive (PPD)-21, at 3. A private sector entity 
or state and local government agency also has discretion to use a self-
assessment tool offered by CSD or request CSD to perform an on-site 
risk and vulnerability assessment. See 6 U.S.C. 659(c)(6). The NCSR is 
a voluntary annual self-assessment.
    In its reports to the Department of Homeland Security 
Appropriations Act, 2010, Congress requested a Nationwide Cyber 
Security Review (NCSR) from the National Cyber Security Division 
(NCSD), the predecessor organization of the Cybersecurity Division 
(CSD). S. Rep. No. 111-31, at 91 (2009), H.R. Rep. No. 111-298, at 96 
(2009). The House Conference Report accompanying the Department of 
Homeland Security Appropriations Act, 2010 ``note[d] the importance of 
a comprehensive effort to assess the security level of cyberspace at 
all levels of government'' and directed DHS to ``develop the necessary 
tools for all levels of government to complete a cyber network security 
assessment so that a full measure of gaps and capabilities can be 
completed in the near future.'' H.R. Rep. No. 111-298, at 96 (2009). 
Concurrently, in its report accompanying the Department of Homeland 
Security Appropriations Bill, 2010, the Senate Committee on 
Appropriations recommended that DHS ``report on the status of cyber 
security measures in place, and gaps in all 50 States and the largest 
urban areas.'' S. Rep. No. 111-31, at 91 (2009).
    Upon submission of the first NCSR report in March 2012, Congress 
further clarified its expectation ``that this survey will be updated 
every other year so that progress may be charted and further areas of 
concern may be identified.'' S. Rep. No. 112-169, at 100 (2012). In 
each subsequent year, Congress has referenced this NCSR in its 
explanatory comments and recommendations accompanying the Department of 
Homeland Security Appropriations. Consistent with Congressional 
mandates, CSD developed the NCSR to measure the gaps and capabilities 
of cybersecurity programs within SLTT governments. Using the anonymous 
results of the NCSR, CISA delivers a bi-annual summary report to 
Congress that provides a broad picture of the current cybersecurity 
gaps & capabilities of SLTT governments across the nation.
    The assessment allows SLTT governments to manage cybersecurity 
related risks through the NIST Cybersecurity Framework (CSF) which 
consists of best practices, standards, and guidelines. In efforts of 
continuously providing Congress with an accurate representation of the 
SLTT gaps and capabilities the NCSR question set may slightly change 
from year-to-year.
    The NCSR is an annual voluntary self-assessment that is hosted on 
LogicManager, which is a technology platform that provides a foundation 
for managing policies, controls, risks, assessments, and deficiencies 
across organizational lines of business. The NCSR self-assessment runs 
every year from October-February. In efforts to increase participation, 
the deadline is sometimes extended. The target audience for the NCSR 
are personnel within the SLTT community who are responsible for the 
cybersecurity management within their organization.
    Through the NCSR, CISA and MS-ISAC will examine relationships, 
interactions, and processes governing IT management and the ability to 
effectively manage operational risk. Using the anonymous results of the 
NCSR, CISA delivers a biannual summary report to Congress that provides 
a broad picture of the cybersecurity gaps and capabilities of SLTT 
governments across the nation. The bi-annual summary report is shared 
with MS-ISAC members, NCSR End Users, and Congress. The report is also 
available on the MS-ISAC website, https://www.cisecurity.org/ms-isac/services/ncsr/.
    Upon submission of the NCSR self-assessment, participants will 
immediately receive access to several reports specific to their 
organization and their cybersecurity posture. Additionally, after the 
annual NCSR survey closes, there will be a brief NCSR End User Survey 
offered to everyone who completed the NSCR assessment. The survey will 
provide feedback on participants' experiences, such as how they heard 
about the NCSR, what they found or did not find useful, how they will 
utilize the results of their assessment, and other information about 
their current and future interactions with the NCSR.
    The NCSR assessment requires approximately two hours for completion 
and is located on the LogicManager Platform. During the assessment 
period, participants can respond at their own pace with the ability to 
save their progress during each session. If additional support is 
needed, participants can contact the NCSR helpdesk via phone and email.
    The NCSR End User survey will be fully electronic. It contains less 
than 30 multiple choice and fill-in-the-blank answers and takes 
approximately 10

[[Page 59816]]

minutes to complete. The feedback survey will be administered via 
Survey Monkey and settings will be updated to opt out of collecting 
participants' IP addresses. There are no recordkeeping, capital, start-
up, or maintenance costs associated with this information collection. 
There is no submission or filing fee associated with this collection. 
As all forms are completed via the LogicManager platform and 
SurveyMonkey, there are no associated collection, printing, or mailing 
costs. This is a renewal for an existing information collection not a 
new collection. OMB is particularly interested in comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility.
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used.
    3. Enhance the quality, utility, and clarity of the information to 
be collected.
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.
    Title of Collection: Nationwide Cyber Security Review Assessment.
    OMB Control Number: CISA-1670-0040.
    Frequency: Annually.
    Affected Public: State, Local, Tribal, and Territorial entities.
    Number of Respondents for NCSR Assessment: 3,112.
    Estimated Time per Respondent Respondents for NCSR Assessment: 2 
hours.
    Number of Respondents for NCSR End User Survey: 215.
    Estimated Time per Respondent for NCSR End User Survey: 0.17 hours 
(10 minutes).
    Total Burden Hours: 6,260.
    Total Burden Cost (Capital/Startup): $0.
    Total Recordkeeping Burden: $0.
    Total Burden Cost (Operating/Maintaining): $0
    Total Hourly Burden Cost: $389,427.

Robert Costello,
Chief Information Officer, Cybersecurity and Infrastructure Security 
Agency, Department of Homeland Security.
[FR Doc. 2022-21407 Filed 9-30-22; 8:45 am]
BILLING CODE 9110-9P-P


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.