Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and Security Directives, 79899-79900 [2022-28175]
Download as PDF
<![CDATA[
Federal Register / Vol. 87, No. 248 / Wednesday, December 28, 2022 / Notices
Dated: December 21, 2022.
Miguelina Perez,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2022–28191 Filed 12–27–22; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
National Institute of Diabetes and
Digestive and Kidney Diseases;
Amended Notice of Meeting
Notice is hereby given of a change in
the meeting of the National Institute of
Diabetes and Digestive and Kidney
Diseases Special Emphasis Panel,
January 20, 2023, 1:00 p.m. to January
20, 2023, 03:00 p.m., National Institutes
of Health, Democracy II, 6707
Democracy Blvd., Bethesda, MD, 20892
which was published in the Federal
Register on December 14, 2022, 320439.
The meeting notice is amended to
change the date of the meeting from
January 20, 2023 to January 27, 2023.
The time of the meeting will remain
1:00 p.m. to 3:00 p.m. The meeting is
closed to the public.
Dated: December 21, 2022.
Miguelina Perez,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2022–28182 Filed 12–27–22; 8:45 am]
BILLING CODE 4140–01–P
Transportation Security Administration
Revision of Agency Information
Collection Activity Under OMB Review:
Pipeline Corporate Security Reviews
and Security Directives
Transportation Security
Administration, DHS.
ACTION: 30-day notice.
AGENCY:
ddrumheller on DSK6VXHR33PROD with NOTICES
Comments Invited
This notice announces that
the Transportation Security
Administration (TSA) has forwarded the
Information Collection Request (ICR),
Office of Management and Budget
(OMB) control number 1652–0056,
abstracted below, to OMB for review
and approval of a revision of the
currently approved collection under the
Paperwork Reduction Act (PRA). The
ICR describes the nature of the
information collection and its expected
burden. This collection combines TSA’s
voluntary Pipeline Corporate Security
VerDate Sep<11>2014
18:26 Dec 27, 2022
Jkt 259001
TSA
published a Federal Register notice,
with a 60-day comment period soliciting
comments, of the following collection of
information on October 3, 2022, 87 FR
59816.
This collection is separate from those
associated with the requirements of TSA
SD Pipeline 2021–01.1
SUPPLEMENTARY INFORMATION:
DEPARTMENT OF HOMELAND
SECURITY
SUMMARY:
Review (PCSR) program with the
mandatory requirements under the TSA
Security Directive (SD) Pipeline–2021–
02 series. The collection allows TSA to
assess the current security practices in
the pipeline industry through TSA’s
PCSR program, which is part of the
larger domain awareness, prevention,
and protection program supporting
TSA’s and the Department of Homeland
Security’s missions. The collection also
allows for the continued institution of
mandatory cybersecurity requirements
under the TSA SD Pipeline–2021–02
series. The updated ICR reflects changes
to collection requirements based on
TSA’s update to the SD Pipline–2021–
02 series, released on July 21, 2022.
DATES: Send your comments by January
27, 2023. A comment to OMB is most
effective if OMB receives it within 30
days of publication.
ADDRESSES: Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain. Find this particular
information collection by selecting
‘‘Currently under Review—Open for
Public Comments’’ and by using the
find function.
FOR FURTHER INFORMATION CONTACT:
Christina A. Walsh, TSA PRA Officer,
Information Technology (IT), TSA–11,
Transportation Security Administration,
6595 Springfield Center Drive,
Springfield, VA 20598–6011; telephone
(571) 227–2062; email TSAPRA@
tsa.dhs.gov.
In accordance with the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501
et seq.), an agency may not conduct or
sponsor, and a person is not required to
respond to, a collection of information
unless it displays a valid OMB control
number. The ICR documentation will be
available at https://www.reginfo.gov
upon its submission to OMB. Therefore,
in preparation for OMB review and
approval of the following information
1 There are three information collection
requirements associated with TSA Security
Directive Pipeline 2021–01. OMB control number
1652–0055 addresses two of them and OMB control
number 1652–0050 addresses the third.
PO 00000
Frm 00051
Fmt 4703
Sfmt 4703
79899
collection, TSA is soliciting comments
to—
(1) Evaluate whether the proposed
information requirement is necessary for
the proper performance of the functions
of the agency, including whether the
information will have practical utility;
(2) Evaluate the accuracy of the
agency’s estimate of the burden;
(3) Enhance the quality, utility, and
clarity of the information to be
collected; and
(4) Minimize the burden of the
collection of information on those who
are to respond, including using
appropriate automated, electronic,
mechanical, or other technological
collection techniques or other forms of
information technology.
Information Collection Requirement
Title: Pipeline Corporate Security
Reviews (PCSR) Security Directives.
Type of Request: Revision of a
currently approved collection.
OMB Control Number: 1652–0056.
Forms(s): Pipeline Corporate Security
Review (PCSR) Protocol Form and
documents submitted to TSA pursuant
to the requirements in the Security
Directive.
Affected Public: Hazardous Liquids
and Natural Gas Pipeline Industry.
Abstract: Under the Aviation and
Transportation Security Act 2 and
delegated authority from the Secretary
of Homeland Security, TSA has broad
responsibility and authority for
‘‘security in all modes of transportation
. . . including security responsibilities
. . . over modes of transportation that
are exercised by the Department of
Transportation.’’ 3 Congress’ specific
recognition of TSA’s responsibility for
pipeline security is reflected in Sec.
1557 of the Implementing
Recommendations of the 9/11
Commission Act of 2007, Public Law
110–53 (121 Stat. 266; Aug. 3, 2007). In
addition, TSA has statutory authority to
issue security directives (SDs) as
necessary to protect transportation
2 Public Law 107–71 (115 Stat. 597; Nov. 19,
2001), codified at 49 U.S.C. 114.
3 See 49 U.S.C. 114(d). The TSA Administrator’s
current authorities under the Aviation and
Transportation Security Act have been delegated to
him by the Secretary of Homeland Security. Section
403(2) of the Homeland Security Act (HSA) of 2002,
Public Law 107–296 (116 Stat. 2135, Nov. 25, 2002),
transferred all functions of TSA, including those of
the Secretary of Transportation and the Under
Secretary of Transportation of Security related to
TSA, to the Secretary of Homeland Security.
Pursuant to DHS Delegation Number 7060.2, the
Secretary delegated to the Administrator of TSA,
subject to the Secretary’s guidance and control, the
authority vested in the Secretary with respect to
TSA, including that in section 403(2) of the HSA.
E:\FR\FM\28DEN1.SGM
28DEN1
79900
Federal Register / Vol. 87, No. 248 / Wednesday, December 28, 2022 / Notices
ddrumheller on DSK6VXHR33PROD with NOTICES
security and critical infrastructure. See
49 U.S.C. 114(l)(2).
TSA has historically assessed
industry security practices through its
PCSR program.4 The PCSR is a
voluntary, face-to-face visit with a
pipeline owner/operator during which
TSA discusses an owner/operator’s
corporate security planning and the
entries made by the owner/operator on
the PCSR Form. The PCSR Form
includes 150 questions concerning the
owner/operator’s corporate level
security planning, covering security
topics such as physical security,
vulnerability assessments, training, and
emergency communications. TSA uses
the information collected during the
PCSR process to determine baseline
security standards, potential areas of
security vulnerability, and industry
‘‘smart’’ practices throughout the
pipeline mode. While the PCSR
collection supports security plans and
processes, TSA has issued the security
directives with mandatory requirements
in order to mitigate specific security
concerns posed by current threats to
national security.
Establishing Compliance With
Mandatory Requirements in the TSA SD
Pipeline–2021–02 Series; Information
Collection Requirements (Emergency
Revision)
On July 15, 2021, OMB approved
TSA’s requests for an emergency
revision of this information collection,
allowing for the institution of
mandatory requirements issued in TSA
SD Pipeline–2021–02 on July 19, 2021.
See ICR Reference Number: 202107–
1652–002. This SD mandated that
critical pipeline owner/operators take
the following actions: (1) Implement
critically important mitigation measures
to reduce the risk of compromise from
a cyberattack; (2) develop and maintain
an up-to-date Cybersecurity
Contingency/Response Plan; and (3) test
the effectiveness of the operator’s
cybersecurity practices through an
annual cybersecurity architecture design
review. Subsequently, on July 26, 2022,
OMB approved TSA’s request to extend
the information collection. See ICR
Reference Number: 202111–1652–001.
On December 10, 2021, and December
17, 2021, TSA revised the SD Pipeline–
2021–02 series. These updates did not
affect the information collection
requirements.
On July 21, 2022, TSA issued a
substantive revision to the series, SD
Pipeline 2021–02C. This revision
provides owner/operators with more
4 See section 1557 of Public Law 110–53 (121
Stat. 266; Aug. 3, 2007) as codified at 6 U.S.C. 1207.
VerDate Sep<11>2014
18:26 Dec 27, 2022
Jkt 259001
flexibility to meet the intended security
outcomes while ensuring sustainment of
the cybersecurity enhancements
accomplished through this SD series.
Overall, SD Pipeline–2021–02C changed
the cybersecurity requirements from a
prescriptive approach to a performancebased approach focused on certain
security outcomes. The revision also
clarified that the requirements apply to
Critical Cyber Systems, as defined in the
SD, and changed cybersecurity
assessment requirements.
On July 29, 2022, OMB approved
TSA’s requests for the emergency
revision of this information collection,
allowing for the implementation of the
revisions in SD Pipeline–2021–02C. See
ICR Reference Number: 202207–1652–
001.
SD Pipeline 2021–02C requires
identified owner/operators to meet three
general requirements: (1) Establish and
implement a TSA-approved
Cybersecurity Implementation Plan; (2)
develop and maintain an up-to-date
Cybersecurity Incident Response Plan;
and (3) establish a Cybersecurity
Assessment Program and submit an
annual plan. In addition, owner/
operators must make records to
establish compliance with the SD
available to TSA upon request for
inspection and/or copying.
Submissions by pipeline owner/
operators in compliance with the
voluntary PCSR or the mandatory SD
Pipeline–2021–02 series requirements
are deemed Sensitive Security
Information (SSI) and are protected in
accordance with procedures meeting the
transmission, handling, and storage
requirements of SSI in 49 CFR part
1520.
Revision of the Collection
TSA is changing the name of OMB
control number 1652–0056 from
‘‘Pipeline Corporate Security Review
(PCSR)’’ to ‘‘Pipeline Corporate Security
Reviews (PCSR) and Security
Directives’’ to more accurately represent
the information collection. TSA is also
revising the information collection to
remove a portion of the cybersecurity
questions from the PCSR workbook,
which are covered in a separate ICR,
1652–0050 Critical Facility Information
of the Top 100 Most Critical Pipelines.
As a result, TSA removed the majority
(∼ 60) of the cybersecurity questions in
the PCSR workbook, moving from 210 to
160 questions, which resulted in a
burden reduction to the voluntary
collection.
TSA is seeking renewal of this
information collection for the maximum
three-year approval period.
PO 00000
Frm 00052
Fmt 4703
Sfmt 4703
Number of Respondents: 100
respondents annually.
Estimated Annual Burden Hours:
20,180 hours.5
Dated: December 21, 2022.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer,
Information Technology.
[FR Doc. 2022–28175 Filed 12–27–22; 8:45 am]
BILLING CODE 9110–05–P
DEPARTMENT OF THE INTERIOR
Fish and Wildlife Service
[Docket No. FWS–R8–ES–2022–0143;
FXES11140800000–234–FF08ECAR00]
Endangered and Threatened Wildlife
and Plants; Incidental Take Permit
Application; Proposed Habitat
Conservation Plan Amendment for the
Multiple Species Conservation
Program County of San Diego Subarea
Plan, County of San Diego, California
Fish and Wildlife Service,
Interior.
ACTION: Notice of availability; request
for comments.
AGENCY:
We, the U.S. Fish and
Wildlife Service (Service), have received
an application to amend the incidental
take permit (PRT–840414) issued for the
existing Multiple Species Conservation
Program County of San Diego Subarea
Plan (MSCP Subarea Plan). The County
of San Diego (Applicant) has requested
an amendment to the incidental take
permit. The amendment would modify
the MSCP Subarea Plan boundary to add
approximately 77 acres of land solely
for conservation purposes. If amended,
no additional incidental take will be
authorized. The Applicant will follow
all other existing habitat conservation
plan conditions. We also announce a
public comment period. We invite
comments from the public and Federal,
Tribal, State, and local governments.
DATES: To ensure consideration, please
send your written comments by January
27, 2023.
ADDRESSES:
Obtaining Documents: Electronic
copies of the documents this notice
SUMMARY:
5 In the 60-day notice, TSA reported the annual
burden hours as 20,220. Since then, TSA has
revised the voluntary collection, resulting in a
reduction in the annual burden hours. TSA
estimates the total annual burden hours for the
collection to be 20,180 hours (PCSR–180,
Cybersecurity Incident Response Plan-8,000,
Annual Plan for Cybersecurity Assessment-4,000,
Compliance Documentation-8,000). In addition, the
one-time burden for the development and
submission to TSA of the owner/operator’s
Cybersecurity Implementation Plan is 40,000 hours.
E:\FR\FM\28DEN1.SGM
28DEN1
]]>Agencies
[Federal Register Volume 87, Number 248 (Wednesday, December 28, 2022)]
[Notices]
[Pages 79899-79900]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-28175]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
Revision of Agency Information Collection Activity Under OMB
Review: Pipeline Corporate Security Reviews and Security Directives
AGENCY: Transportation Security Administration, DHS.
ACTION: 30-day notice.
-----------------------------------------------------------------------
SUMMARY: This notice announces that the Transportation Security
Administration (TSA) has forwarded the Information Collection Request
(ICR), Office of Management and Budget (OMB) control number 1652-0056,
abstracted below, to OMB for review and approval of a revision of the
currently approved collection under the Paperwork Reduction Act (PRA).
The ICR describes the nature of the information collection and its
expected burden. This collection combines TSA's voluntary Pipeline
Corporate Security Review (PCSR) program with the mandatory
requirements under the TSA Security Directive (SD) Pipeline-2021-02
series. The collection allows TSA to assess the current security
practices in the pipeline industry through TSA's PCSR program, which is
part of the larger domain awareness, prevention, and protection program
supporting TSA's and the Department of Homeland Security's missions.
The collection also allows for the continued institution of mandatory
cybersecurity requirements under the TSA SD Pipeline-2021-02 series.
The updated ICR reflects changes to collection requirements based on
TSA's update to the SD Pipline-2021-02 series, released on July 21,
2022.
DATES: Send your comments by January 27, 2023. A comment to OMB is most
effective if OMB receives it within 30 days of publication.
ADDRESSES: Written comments and recommendations for the proposed
information collection should be sent within 30 days of publication of
this notice to www.reginfo.gov/public/do/PRAMain. Find this particular
information collection by selecting ``Currently under Review--Open for
Public Comments'' and by using the find function.
FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer,
Information Technology (IT), TSA-11, Transportation Security
Administration, 6595 Springfield Center Drive, Springfield, VA 20598-
6011; telephone (571) 227-2062; email [email protected].
SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice,
with a 60-day comment period soliciting comments, of the following
collection of information on October 3, 2022, 87 FR 59816.
This collection is separate from those associated with the
requirements of TSA SD Pipeline 2021-01.\1\
---------------------------------------------------------------------------
\1\ There are three information collection requirements
associated with TSA Security Directive Pipeline 2021-01. OMB control
number 1652-0055 addresses two of them and OMB control number 1652-
0050 addresses the third.
---------------------------------------------------------------------------
Comments Invited
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3501 et seq.), an agency may not conduct or sponsor, and a person is
not required to respond to, a collection of information unless it
displays a valid OMB control number. The ICR documentation will be
available at https://www.reginfo.gov upon its submission to OMB.
Therefore, in preparation for OMB review and approval of the following
information collection, TSA is soliciting comments to--
(1) Evaluate whether the proposed information requirement is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to
be collected; and
(4) Minimize the burden of the collection of information on those
who are to respond, including using appropriate automated, electronic,
mechanical, or other technological collection techniques or other forms
of information technology.
Information Collection Requirement
Title: Pipeline Corporate Security Reviews (PCSR) Security
Directives.
Type of Request: Revision of a currently approved collection.
OMB Control Number: 1652-0056.
Forms(s): Pipeline Corporate Security Review (PCSR) Protocol Form
and documents submitted to TSA pursuant to the requirements in the
Security Directive.
Affected Public: Hazardous Liquids and Natural Gas Pipeline
Industry.
Abstract: Under the Aviation and Transportation Security Act \2\
and delegated authority from the Secretary of Homeland Security, TSA
has broad responsibility and authority for ``security in all modes of
transportation . . . including security responsibilities . . . over
modes of transportation that are exercised by the Department of
Transportation.'' \3\ Congress' specific recognition of TSA's
responsibility for pipeline security is reflected in Sec. 1557 of the
Implementing Recommendations of the 9/11 Commission Act of 2007, Public
Law 110-53 (121 Stat. 266; Aug. 3, 2007). In addition, TSA has
statutory authority to issue security directives (SDs) as necessary to
protect transportation
[[Page 79900]]
security and critical infrastructure. See 49 U.S.C. 114(l)(2).
---------------------------------------------------------------------------
\2\ Public Law 107-71 (115 Stat. 597; Nov. 19, 2001), codified
at 49 U.S.C. 114.
\3\ See 49 U.S.C. 114(d). The TSA Administrator's current
authorities under the Aviation and Transportation Security Act have
been delegated to him by the Secretary of Homeland Security. Section
403(2) of the Homeland Security Act (HSA) of 2002, Public Law 107-
296 (116 Stat. 2135, Nov. 25, 2002), transferred all functions of
TSA, including those of the Secretary of Transportation and the
Under Secretary of Transportation of Security related to TSA, to the
Secretary of Homeland Security. Pursuant to DHS Delegation Number
7060.2, the Secretary delegated to the Administrator of TSA, subject
to the Secretary's guidance and control, the authority vested in the
Secretary with respect to TSA, including that in section 403(2) of
the HSA.
---------------------------------------------------------------------------
TSA has historically assessed industry security practices through
its PCSR program.\4\ The PCSR is a voluntary, face-to-face visit with a
pipeline owner/operator during which TSA discusses an owner/operator's
corporate security planning and the entries made by the owner/operator
on the PCSR Form. The PCSR Form includes 150 questions concerning the
owner/operator's corporate level security planning, covering security
topics such as physical security, vulnerability assessments, training,
and emergency communications. TSA uses the information collected during
the PCSR process to determine baseline security standards, potential
areas of security vulnerability, and industry ``smart'' practices
throughout the pipeline mode. While the PCSR collection supports
security plans and processes, TSA has issued the security directives
with mandatory requirements in order to mitigate specific security
concerns posed by current threats to national security.
---------------------------------------------------------------------------
\4\ See section 1557 of Public Law 110-53 (121 Stat. 266; Aug.
3, 2007) as codified at 6 U.S.C. 1207.
---------------------------------------------------------------------------
Establishing Compliance With Mandatory Requirements in the TSA SD
Pipeline-2021-02 Series; Information Collection Requirements (Emergency
Revision)
On July 15, 2021, OMB approved TSA's requests for an emergency
revision of this information collection, allowing for the institution
of mandatory requirements issued in TSA SD Pipeline-2021-02 on July 19,
2021. See ICR Reference Number: 202107-1652-002. This SD mandated that
critical pipeline owner/operators take the following actions: (1)
Implement critically important mitigation measures to reduce the risk
of compromise from a cyberattack; (2) develop and maintain an up-to-
date Cybersecurity Contingency/Response Plan; and (3) test the
effectiveness of the operator's cybersecurity practices through an
annual cybersecurity architecture design review. Subsequently, on July
26, 2022, OMB approved TSA's request to extend the information
collection. See ICR Reference Number: 202111-1652-001. On December 10,
2021, and December 17, 2021, TSA revised the SD Pipeline-2021-02
series. These updates did not affect the information collection
requirements.
On July 21, 2022, TSA issued a substantive revision to the series,
SD Pipeline 2021-02C. This revision provides owner/operators with more
flexibility to meet the intended security outcomes while ensuring
sustainment of the cybersecurity enhancements accomplished through this
SD series. Overall, SD Pipeline-2021-02C changed the cybersecurity
requirements from a prescriptive approach to a performance-based
approach focused on certain security outcomes. The revision also
clarified that the requirements apply to Critical Cyber Systems, as
defined in the SD, and changed cybersecurity assessment requirements.
On July 29, 2022, OMB approved TSA's requests for the emergency
revision of this information collection, allowing for the
implementation of the revisions in SD Pipeline-2021-02C. See ICR
Reference Number: 202207-1652-001.
SD Pipeline 2021-02C requires identified owner/operators to meet
three general requirements: (1) Establish and implement a TSA-approved
Cybersecurity Implementation Plan; (2) develop and maintain an up-to-
date Cybersecurity Incident Response Plan; and (3) establish a
Cybersecurity Assessment Program and submit an annual plan. In
addition, owner/operators must make records to establish compliance
with the SD available to TSA upon request for inspection and/or
copying.
Submissions by pipeline owner/operators in compliance with the
voluntary PCSR or the mandatory SD Pipeline-2021-02 series requirements
are deemed Sensitive Security Information (SSI) and are protected in
accordance with procedures meeting the transmission, handling, and
storage requirements of SSI in 49 CFR part 1520.
Revision of the Collection
TSA is changing the name of OMB control number 1652-0056 from
``Pipeline Corporate Security Review (PCSR)'' to ``Pipeline Corporate
Security Reviews (PCSR) and Security Directives'' to more accurately
represent the information collection. TSA is also revising the
information collection to remove a portion of the cybersecurity
questions from the PCSR workbook, which are covered in a separate ICR,
1652-0050 Critical Facility Information of the Top 100 Most Critical
Pipelines. As a result, TSA removed the majority (~ 60) of the
cybersecurity questions in the PCSR workbook, moving from 210 to 160
questions, which resulted in a burden reduction to the voluntary
collection.
TSA is seeking renewal of this information collection for the
maximum three-year approval period.
Number of Respondents: 100 respondents annually.
Estimated Annual Burden Hours: 20,180 hours.\5\
---------------------------------------------------------------------------
\5\ In the 60-day notice, TSA reported the annual burden hours
as 20,220. Since then, TSA has revised the voluntary collection,
resulting in a reduction in the annual burden hours. TSA estimates
the total annual burden hours for the collection to be 20,180 hours
(PCSR-180, Cybersecurity Incident Response Plan-8,000, Annual Plan
for Cybersecurity Assessment-4,000, Compliance Documentation-8,000).
In addition, the one-time burden for the development and submission
to TSA of the owner/operator's Cybersecurity Implementation Plan is
40,000 hours.
Dated: December 21, 2022.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2022-28175 Filed 12-27-22; 8:45 am]
BILLING CODE 9110-05-P
