Extension of Agency Information Collection Activity Under OMB Review: Cybersecurity Measures for Surface Modes, 14628-14630 [2023-04859]

Download as PDF ddrumheller on DSK120RN23PROD with NOTICES1 14628 Federal Register / Vol. 88, No. 46 / Thursday, March 9, 2023 / Notices submitted to HHS, for which HRSA was deemed a custodian of the requested data given HRSA’s oversight of the Provider Relief Fund. HRSA has reason to believe that information in the records could reasonably be considered confidential commercial information and exempt from disclosure under FOIA Exemption 4. FOIA Exemption 4 allows agencies to withhold trade secrets and commercial or financial information obtained from a person (business entities including hospitals are considered people under the FOIA) and is privileged or confidential. Both the Executive Order and HHS FOIA regulations permit agencies to notify a voluminous number of submitters by posting or publishing a notice in a place where the submitters are reasonably likely to become aware of it. See Executive Order 12600 or 45 CFR 5.42(a)(1). This notice satisfies this requirement. Additionally, HRSA will send predisclosure notices directly to hospitals for whom HRSA has contact information. HRSA determined that, for those hospitals that did not receive a payment in the first round of the COVID–19 High Impact Area Distribution, the following responsive data could reasonably be considered confidential commercial information and exempt from disclosure under FOIA Exemption 4: (1) number of COVID–19 admissions; and (2) intensive care unit hospital beds for each facility (and associated Centers for Medicare & Medicaid Services’ Certification Number (CCN)) HRSA must analyze the releasability of the data prior to making a release decision. Because organizations submitted data to HHS that was identified in the FOIA request, HRSA is notifying submitters of their full rights through this predisclosure notice. HHS’s FOIA regulations provide affected entities with 10 working days from the date of this notice to object to disclosure of part or all of the information contained in these records. A person who submits records to the government may designate part or all of the information in such records that they may consider exempt from disclosure under Exemption 4 of the FOIA. The designation must be in writing. See 45 CFR 5.41. So that HRSA can determine how providers actually and customarily treat the disclosure of these data, please respond to the following questions with respect to the (1) number of COVID–19 admissions and (2) intensive care unit hospital beds for each facility (and associated CCN) and send your organization’s response to hotspotpdn@ VerDate Sep<11>2014 18:19 Mar 08, 2023 Jkt 259001 hrsa.gov in the timeframe referenced in the dates section of this notice. Please include your organization’s CCN and facility name in your response to ensure that it is attributed correctly. (1) Do you customarily keep the requested information private or closely held? What steps have you taken to protect the confidentiality of the requested data, and to whom has it been disclosed? (2) What facts support your belief that this information is commercial or financial in nature? (3) Did the government provide you with an express or implied assurance of confidentiality when you shared the information with the government? If so, please explain. (4) Were there express or implied indications at the time the information was submitted that the government would publicly disclose the information? If so, please explain. (5) How would disclosure of this information harm an interest protected by Exemption 4 (such as by causing foreseeable harm to your economic or business interests)? Intended Effects of the Action In the event that a submitter fails to respond to the notice within the time specified, it will be considered to have no objection to disclosure of the information. Submitted objections will be given the appropriate consideration; however, responses are not an agreement that HRSA will withhold the information. If HRSA decides to release the information over objection, HRSA will inform submitters, in writing, along with HRSA’s reasons for the decision to release. HRSA will include with such notice a description of the information to be disclosed or copies of the records as HRSA intends to release them. HRSA will also provide submitters with a specific date that HRSA intends to disclose the records, which must be at least 5 working days after the date of the intent to release notice. HRSA will not consider any information received after the date of a disclosure decision. Maria G. Button, Director, Executive Secretariat. [FR Doc. 2023–04858 Filed 3–8–23; 8:45 am] BILLING CODE 4165–15–P PO 00000 DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health Center For Scientific Review; Amended Notice of Meeting Notice is hereby given of a change in the meeting of the Center for Scientific Review Special Emphasis Panel Member Conflict: Epidemiology and Population Health, March 28, 2023, 12:00 p.m. to March 28, 2023, 08:00 p.m., National Institutes of Health, Rockledge II, 6701 Rockledge Drive, Bethesda, MD 20892 which was published in the Federal Register on February 27, 2023, 88 FR 12388 Doc. 2023–03969. This meeting is being amended to change the meeting start time from 12:00 p.m. to 11:00 a.m. The meeting is closed to the public. Dated: March 3, 2023. David W Freeman, Program Analyst, Office of Federal Advisory Committee Policy. [FR Doc. 2023–04798 Filed 3–8–23; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Cybersecurity Measures for Surface Modes Transportation Security Administration, DHS. ACTION: 30-Day notice. AGENCY: This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652–0074, abstracted below, to OMB for an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. Specifically, the collection involves the submission of data concerning the designation of a Cybersecurity Coordinator; the reporting of cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency; the development of a cybersecurity contingency/recovery plan to address cybersecurity gaps; and the completion of a cybersecurity assessment. SUMMARY: Send your comments by April 10, 2023. A comment to OMB is most DATES: Frm 00036 Fmt 4703 Sfmt 4703 E:\FR\FM\09MRN1.SGM 09MRN1 Federal Register / Vol. 88, No. 46 / Thursday, March 9, 2023 / Notices effective if OMB receives it within 30 days of publication. ADDRESSES: Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/ PRAMain. Find this particular information collection by selecting ‘‘Currently under Review—Open for Public Comments’’ and by using the find function. FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer, Information Technology, TSA–11, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598–6011; telephone (571) 227–2062; email TSAPRA@ tsa.dhs.gov. SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on November 14, 2022, 87 FR 68185. ddrumheller on DSK120RN23PROD with NOTICES1 Comments Invited In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at https://www.reginfo.gov upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to— (1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) Evaluate the accuracy of the agency’s estimate of the burden; (3) Enhance the quality, utility, and clarity of the information to be collected; and (4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology. Information Collection Requirement Title: Cybersecurity Measures for Surface Modes. Type of Request: Extension. OMB Control Number: 1652–0074. Form(s): TSA Optional Forms. TSA Surface Cybersecurity Vulnerability Assessment Form. Affected Public: Owner/Operators with operations identified in 49 CFR VerDate Sep<11>2014 18:19 Mar 08, 2023 Jkt 259001 part 1580 (Freight Rail), 49 CFR part 1582 (Mass Transit and Passenger Rail), and 49 CFR part 1584 (Over-the-Road Bus). Abstract: Under the authorities of 49 U.S.C. 114, TSA may take immediate action to impose measures to protect transportation security without providing notice or an opportunity for comment.1 On December 17, 2021, TSA issued the Security Directive (SD) 1580– 21–01 series, Enhancing Rail Cybersecurity, and the SD 1582–21–01 series, Enhancing Public Transportation and Passenger Railroad Cybersecurity, which remain in effect as revised, mandating TSA-specified Owner/ Operators of ‘‘higher risk’’ railroads and rail transit systems, respectively, to implement an array of cybersecurity measures to prevent disruption and degradation to their infrastructure; these security directives became effective December 31, 2021. In addition, on October 18, 2022, TSA issued the SD 1580/1582–2022–01 series, Rail Cybersecurity Mitigation Actions and Testing, which applies to Owner/ Operators of the ‘‘Higher Risk’’ freight railroads identified in 49 CFR 1580.101 and additional TSA-designated freight and passenger railroads. This security directive, which is complementary to the requirements in the previous directives, took effect on October 24, 2022. On October 26, 2022, OMB approved TSA’s request for an emergency approval, revising this information collection. See ICR Reference Number: 202210–1652–001. The collection covers both mandatory reporting under the security directives and collection of information voluntarily submitted under Information Circular (IC) 2021–01, Enhancing Surface Transportation Cybersecurity, which recommended voluntary implementation of actions and reporting by Owner/Operators not covered by the security directives. The OMB approval allowed for the additional institution of mandatory reporting requirements and collection of information voluntarily submitted. See ICR Reference Number: 202111–1652– 003. TSA is now seeking renewal of this 1 TSA issues security directives for surface transportation operators under the statutory authority of 49 U.S.C. 114(l)(2)(A). This provision, from section 101 of the Aviation and Transportation Security Act (ATSA), Public Law 107–71 (115 Stat. 597; Nov. 19, 2001), states: ‘‘Notwithstanding any other provision of law or executive order (including an executive order requiring a cost-benefit analysis), if the Administrator determines that a regulation or security directive must be issued immediately in order to protect transportation security, the Administrator shall issue the regulation or security directive without providing notice or an opportunity for comment and without prior approval of the Secretary.’’ PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 14629 information collection for the maximum three-year approval period. The cybersecurity threats to surface transportation infrastructure that necessitate these collections are within TSA’s statutory responsibility and authority for ‘‘security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.’’ See 49 U.S.C. 114(d). The requirements in the security directives and the recommendations in the IC allow TSA to execute its security responsibilities within the surface transportation industry, through awareness of potential security incidents and suspicious activities. A. SD 1580/82–2022–01 Series This security directive series includes the following information collection: 1. Submission of a Cybersecurity Implementation Plan to TSA for approval that identifies how the Owner/ Operator will meet the required security outcomes in the SD; 2. Submission of an Annual Audit Plan for the required Cybersecurity Assessment Program; and 3. Documentation provided to TSA upon request as necessary to establish compliance. B. SD 1580–21–01, SD 1582–21–01, and IC 2021–01 Series These security directives and the IC remain in effect and include the following information collection requirements for the security directives and voluntary collection under the IC: 1. Provide contact information for a designated Cybersecurity Coordinator to TSA. 2. Report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency. 3. Submit a cybersecurity incident response plan to TSA. 4. Complete and submit a cybersecurity vulnerability assessment using a form provided by TSA. TSA will use the collection of information to ensure compliance with TSA’s cybersecurity measures required by the security directives and the recommendations under the IC. Owner/Operators can complete and submit the required information via email or other electronic options provided by TSA. Documentation of compliance must be provided upon request. As the measures in the IC are voluntary, the IC does not require Owner/Operators to report on their compliance. Portions of the responses that are deemed Sensitive Security Information E:\FR\FM\09MRN1.SGM 09MRN1 14630 Federal Register / Vol. 88, No. 46 / Thursday, March 9, 2023 / Notices (SSI) are protected in accordance with procedures meeting the transmission, handling, and storage requirements of SSI set forth in 49 CFR part 1520.2 Number of Respondents: 781. Estimated Annual Burden Hours: An estimated 96,163 hours annually. Dated: March 6, 2023. Christina A. Walsh, TSA Paperwork Reduction Act Officer, Information Technology. [FR Doc. 2023–04859 Filed 3–8–23; 8:45 am] BILLING CODE 9110–05–P DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615–0133] Agency Information Collection Activities; Revision of a Currently Approved Collection: Request for Reduced Fee Comments U.S. Citizenship and Immigration Services, Department of Homeland Security. ACTION: 60-Day notice. AGENCY: The Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) invites the general public and other Federal agencies to comment upon this proposed revision of a currently approved collection of information. In accordance with the Paperwork Reduction Act (PRA) of 1995, the information collection notice is published in the Federal Register to obtain comments regarding the nature of the information collection, the categories of respondents, the estimated burden (i.e., the time, effort, and resources used by the respondents to respond), the estimated cost to the respondent, and the actual information collection instruments. DATES: Comments are encouraged and will be accepted for 60 days until May 8, 2023. ADDRESSES: All submissions received must include the OMB Control Number ddrumheller on DSK120RN23PROD with NOTICES1 SUMMARY: 2 In addition, all data in TSA systems are statutorily required to comply with the Federal Information Security Modernization Act 2014 (FISMA) following the National Institute of Standards and Technology Special Publication 800.37 REV2 or Risk Management Framework, and other federal information security requirements including Federal Information Processing Standards 199 and Executive Order 14028. All systems, networks, servers, clouds and endpoints under the FISMA boundary are hardened to meet the Department of Defense Security Technical Implementation Guidelines, as well as DHS Policy (4300.A) and TSA policy (TSA IA Handbook). VerDate Sep<11>2014 18:19 Mar 08, 2023 Jkt 259001 1615–0133 in the body of the letter, the agency name and Docket ID USCIS– 2018–0002. Submit comments via the Federal eRulemaking Portal website at https://www.regulations.gov under eDocket ID number USCIS–2018–0002. FOR FURTHER INFORMATION CONTACT: USCIS, Office of Policy and Strategy, Regulatory Coordination Division, Jerry Rigdon, Acting Chief, telephone number (240) 721–3000 (This is not a toll-free number. Comments are not accepted via telephone message). Please note contact information provided here is solely for questions regarding this notice. It is not for individual case status inquiries. Applicants seeking information about the status of their individual cases can check Case Status Online, available at the USCIS website at https:// www.uscis.gov, or call the USCIS Contact Center at 800–375–5283 (TTY 800–767–1833). SUPPLEMENTARY INFORMATION: You may access the information collection instrument with instructions or additional information by visiting the Federal eRulemaking Portal site at: https://www.regulations.gov and entering USCIS–2018–0002 in the search box. All submissions will be posted, without change, to the Federal eRulemaking Portal at https:// www.regulations.gov, and will include any personal information you provide. Therefore, submitting this information makes it public. You may wish to consider limiting the amount of personal information that you provide in any voluntary submission you make to DHS. DHS may withhold information provided in comments from public viewing that it determines may impact the privacy of an individual or is offensive. For additional information, please read the Privacy Act notice that is available via the link in the footer of https://www.regulations.gov. Written comments and suggestions from the public and affected agencies should address one or more of the following four points: (1) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (3) Enhance the quality, utility, and clarity of the information to be collected; and PO 00000 Frm 00038 Fmt 4703 Sfmt 9990 (4) Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses. Overview of This Information Collection (1) Type of Information Collection: Revision of a currently approved collection. (2) Title of the Form/Collection: Request for Reduced Fee. (3) Agency form number, if any, and the applicable component of the DHS sponsoring the collection: I–942; USCIS. (4) Affected public who will be asked or required to respond, as well as a brief abstract: Primary: Individuals or households. USCIS uses the data collected on this form to verify that the applicant is eligible for a reduced fee for the immigration benefit being requested. (5) An estimate of the total number of respondents and the amount of time estimated for an average respondent to respond: The estimated total number of respondents for the information collection I–942 is 4,491 and the estimated hour burden per response is 0.67 hour. (6) An estimate of the total public burden (in hours) associated with the collection: The total estimated annual hour burden associated with this collection is 3,009 hours. (7) An estimate of the total public burden (in cost) associated with the collection: The estimated total annual cost burden associated with this collection of information is $19,087. Dated: March 1, 2023. Jerry L. Rigdon, Acting Branch Chief, Regulatory Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of Homeland Security. [FR Doc. 2023–04791 Filed 3–8–23; 8:45 am] BILLING CODE 9111–97–P E:\FR\FM\09MRN1.SGM 09MRN1

Agencies

[Federal Register Volume 88, Number 46 (Thursday, March 9, 2023)]
[Notices]
[Pages 14628-14630]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-04859]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Extension of Agency Information Collection Activity Under OMB 
Review: Cybersecurity Measures for Surface Modes

AGENCY: Transportation Security Administration, DHS.

ACTION: 30-Day notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces that the Transportation Security 
Administration (TSA) has forwarded the Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0074, 
abstracted below, to OMB for an extension of the currently approved 
collection under the Paperwork Reduction Act (PRA). The ICR describes 
the nature of the information collection and its expected burden. 
Specifically, the collection involves the submission of data concerning 
the designation of a Cybersecurity Coordinator; the reporting of 
cybersecurity incidents to the Cybersecurity and Infrastructure 
Security Agency; the development of a cybersecurity contingency/
recovery plan to address cybersecurity gaps; and the completion of a 
cybersecurity assessment.

DATES: Send your comments by April 10, 2023. A comment to OMB is most

[[Page 14629]]

effective if OMB receives it within 30 days of publication.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to www.reginfo.gov/public/do/PRAMain. Find this particular 
information collection by selecting ``Currently under Review--Open for 
Public Comments'' and by using the find function.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer, 
Information Technology, TSA-11, Transportation Security Administration, 
6595 Springfield Center Drive, Springfield, VA 20598-6011; telephone 
(571) 227-2062; email [email protected].

SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice, 
with a 60-day comment period soliciting comments, of the following 
collection of information on November 14, 2022, 87 FR 68185.

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at https://www.reginfo.gov upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    Title: Cybersecurity Measures for Surface Modes.
    Type of Request: Extension.
    OMB Control Number: 1652-0074.
    Form(s): TSA Optional Forms. TSA Surface Cybersecurity 
Vulnerability Assessment Form.
    Affected Public: Owner/Operators with operations identified in 49 
CFR part 1580 (Freight Rail), 49 CFR part 1582 (Mass Transit and 
Passenger Rail), and 49 CFR part 1584 (Over-the-Road Bus).
    Abstract: Under the authorities of 49 U.S.C. 114, TSA may take 
immediate action to impose measures to protect transportation security 
without providing notice or an opportunity for comment.\1\ On December 
17, 2021, TSA issued the Security Directive (SD) 1580-21-01 series, 
Enhancing Rail Cybersecurity, and the SD 1582-21-01 series, Enhancing 
Public Transportation and Passenger Railroad Cybersecurity, which 
remain in effect as revised, mandating TSA-specified Owner/Operators of 
``higher risk'' railroads and rail transit systems, respectively, to 
implement an array of cybersecurity measures to prevent disruption and 
degradation to their infrastructure; these security directives became 
effective December 31, 2021. In addition, on October 18, 2022, TSA 
issued the SD 1580/1582-2022-01 series, Rail Cybersecurity Mitigation 
Actions and Testing, which applies to Owner/Operators of the ``Higher 
Risk'' freight railroads identified in 49 CFR 1580.101 and additional 
TSA-designated freight and passenger railroads. This security 
directive, which is complementary to the requirements in the previous 
directives, took effect on October 24, 2022. On October 26, 2022, OMB 
approved TSA's request for an emergency approval, revising this 
information collection. See ICR Reference Number: 202210-1652-001. The 
collection covers both mandatory reporting under the security 
directives and collection of information voluntarily submitted under 
Information Circular (IC) 2021-01, Enhancing Surface Transportation 
Cybersecurity, which recommended voluntary implementation of actions 
and reporting by Owner/Operators not covered by the security 
directives. The OMB approval allowed for the additional institution of 
mandatory reporting requirements and collection of information 
voluntarily submitted. See ICR Reference Number: 202111-1652-003. TSA 
is now seeking renewal of this information collection for the maximum 
three-year approval period.
---------------------------------------------------------------------------

    \1\ TSA issues security directives for surface transportation 
operators under the statutory authority of 49 U.S.C. 114(l)(2)(A). 
This provision, from section 101 of the Aviation and Transportation 
Security Act (ATSA), Public Law 107-71 (115 Stat. 597; Nov. 19, 
2001), states: ``Notwithstanding any other provision of law or 
executive order (including an executive order requiring a cost-
benefit analysis), if the Administrator determines that a regulation 
or security directive must be issued immediately in order to protect 
transportation security, the Administrator shall issue the 
regulation or security directive without providing notice or an 
opportunity for comment and without prior approval of the 
Secretary.''
---------------------------------------------------------------------------

    The cybersecurity threats to surface transportation infrastructure 
that necessitate these collections are within TSA's statutory 
responsibility and authority for ``security in all modes of 
transportation . . . including security responsibilities . . . over 
modes of transportation that are exercised by the Department of 
Transportation.'' See 49 U.S.C. 114(d).
    The requirements in the security directives and the recommendations 
in the IC allow TSA to execute its security responsibilities within the 
surface transportation industry, through awareness of potential 
security incidents and suspicious activities.

A. SD 1580/82-2022-01 Series

    This security directive series includes the following information 
collection:
    1. Submission of a Cybersecurity Implementation Plan to TSA for 
approval that identifies how the Owner/Operator will meet the required 
security outcomes in the SD;
    2. Submission of an Annual Audit Plan for the required 
Cybersecurity Assessment Program; and
    3. Documentation provided to TSA upon request as necessary to 
establish compliance.

B. SD 1580-21-01, SD 1582-21-01, and IC 2021-01 Series

    These security directives and the IC remain in effect and include 
the following information collection requirements for the security 
directives and voluntary collection under the IC:
    1. Provide contact information for a designated Cybersecurity 
Coordinator to TSA.
    2. Report cybersecurity incidents to the Cybersecurity and 
Infrastructure Security Agency.
    3. Submit a cybersecurity incident response plan to TSA.
    4. Complete and submit a cybersecurity vulnerability assessment 
using a form provided by TSA.
    TSA will use the collection of information to ensure compliance 
with TSA's cybersecurity measures required by the security directives 
and the recommendations under the IC.
    Owner/Operators can complete and submit the required information 
via email or other electronic options provided by TSA. Documentation of 
compliance must be provided upon request. As the measures in the IC are 
voluntary, the IC does not require Owner/Operators to report on their 
compliance.
    Portions of the responses that are deemed Sensitive Security 
Information

[[Page 14630]]

(SSI) are protected in accordance with procedures meeting the 
transmission, handling, and storage requirements of SSI set forth in 49 
CFR part 1520.\2\
---------------------------------------------------------------------------

    \2\ In addition, all data in TSA systems are statutorily 
required to comply with the Federal Information Security 
Modernization Act 2014 (FISMA) following the National Institute of 
Standards and Technology Special Publication 800.37 REV2 or Risk 
Management Framework, and other federal information security 
requirements including Federal Information Processing Standards 199 
and Executive Order 14028. All systems, networks, servers, clouds 
and endpoints under the FISMA boundary are hardened to meet the 
Department of Defense Security Technical Implementation Guidelines, 
as well as DHS Policy (4300.A) and TSA policy (TSA IA Handbook).
---------------------------------------------------------------------------

    Number of Respondents: 781.
    Estimated Annual Burden Hours: An estimated 96,163 hours annually.

    Dated: March 6, 2023.
Christina A. Walsh,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2023-04859 Filed 3-8-23; 8:45 am]
BILLING CODE 9110-05-P


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.