Intent To Request Revision of Agency Information Collection Activity Under OMB Review: Baseline Assessment for Security Enhancement (BASE) Program

Issuing agencies

Abstract

The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0062 abstracted below that we will submit to OMB for a revision in compliance with the Paperwork Reduction Act (PRA). The ICR covers the assessment of current security practices in public transportation passenger rail (PTPR) and highway and motor carrier (HWY) industries by way of the Baseline Assessment for Security Enhancement (BASE) program, which encompasses site visits and interviews, and is part of the larger domain awareness, prevention, and protection program that supports the mission of TSA and the Department of Homeland Security (DHS). This voluntary collection allows TSA to conduct transportation security- related assessments during site visits with security and operating officials of certain surface transportation modes.

Full Text

<html>
<head>
<title>Federal Register, Volume 88 Issue 217 (Monday, November 13, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 217 (Monday, November 13, 2023)]
[Notices]
[Pages 77602-77603]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-24858]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Intent To Request Revision of Agency Information Collection 
Activity Under OMB Review: Baseline Assessment for Security Enhancement 
(BASE) Program

AGENCY: Transportation Security Administration, DHS.

ACTION: 60-Day notice.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on one currently approved Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0062 
abstracted below that we will submit to OMB for a revision in 
compliance with the Paperwork Reduction Act (PRA). The ICR covers the 
assessment of current security practices in public transportation 
passenger rail (PTPR) and highway and motor carrier (HWY) industries by 
way of the Baseline Assessment for Security Enhancement (BASE) program, 
which encompasses site visits and interviews, and is part of the larger 
domain awareness, prevention, and protection program that supports the 
mission of TSA and the Department of Homeland Security (DHS). This 
voluntary collection allows TSA to conduct transportation security-
related assessments during site visits with security and operating 
officials of certain surface transportation modes.

DATES: Send your comments by January 12, 2024.

ADDRESSES: Comments may be emailed to <a href="/cdn-cgi/l/email-protection#461215071614070632352768222e3568212930"><span class="__cf_email__" data-cfemail="b6e2e5f7e6e4f7f6c2c5d798d2dec598d1d9c0">[email&#160;protected]</span></a> or delivered 
to the TSA PRA Officer, Information Technology, TSA 11, Transportation 
Security Administration, 6595 Springfield Center Drive, Springfield, VA 
20598-6011.

FOR FURTHER INFORMATION CONTACT: Nicole Raymond at the above address, 
or by telephone (571) 227-2526.

SUPPLEMENTARY INFORMATION: 

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at <a href="https://www.reginfo.gov">https://www.reginfo.gov</a> upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    OMB Control Number 1652-0062; Baseline Assessment for Security 
Enhancement (BASE) Program. Under the Aviation and Transportation 
Security Act and delegated authority from the Secretary of Homeland 
Security, TSA has broad responsibility and authority for ``security in 
all modes of transportation including security responsibilities over 
modes of transportation that are exercised by the Department of 
Transportation.'' \1\ TSA is also required to ``assess the security of 
each surface transportation mode and evaluate the effectiveness and 
efficiency of current Federal Government surface transportation 
security initiatives.'' \2\
---------------------------------------------------------------------------

    \1\ See Public Law 107-71, (115 Stat. 597, Nov. 19, 2001), 
codified at 49 U.S.C. 114(d). The TSA Administrator's current 
authorities under the Aviation and Transportation Security Act have 
been delegated to him by the Secretary of Homeland Security. Section 
403(2) of the Homeland Security Act (HSA) of 2002, Public Law 107-
296, (116 Stat. 2315, Nov. 25, 2002), transferred all functions of 
TSA, including those of the Secretary of Transportation and the 
Under Secretary of Transportation of Security related to TSA, to the 
Secretary of Homeland Security. Pursuant to DHS Delegation Number 
7060.2, the Secretary delegated to the Assistant Secretary (now 
referred to as the Administrator of TSA), subject to the Secretary's 
guidance and control, the authority vested in the Secretary with 
respect to TSA, including that in sec. 403(2) of the HSA.
    \2\ See Executive Order 13416 of Dec. 5, 2006 (Strengthening 
Surface Transportation Security) at sec. 3(a).
---------------------------------------------------------------------------

    TSA developed the BASE program in 2007, in an effort to engage with 
surface transportation entities to establish a ``baseline'' of security 
and emergency response operations. This program was initially created 
for PTPR (including rail and bus operations). Based on the success of 
the program, TSA developed the HWY BASE program in 2012. The HWY BASE 
applies to trucking, school bus contractors, school districts, and 
over-the-road motor coaches. This voluntary program enables TSA to 
collect and evaluate physical and operational preparedness information 
and critical assets and key point-of-contact lists. TSA also reviews 
emergency procedures and domain awareness training and provides an 
opportunity to share industry best practices.
    The BASE program provides TSA with current information on adopted 
security-practices within the PTPR and HWY modes of the surface 
transportation sector. The information collected also allows TSA to 
dynamically adapt programs to the changing threat with an understanding 
of the improvements surface transportation entities make in their 
security posture. Additionally, the relationships these face-to-face 
contacts foster are critical to TSA's ability to reach out to the 
surface transportation entities participating in the BASE program.
    In carrying out the voluntary BASE program, TSA's Transportation 
Security Inspectors-Surface (TSIs-S) conduct BASE reviews during site 
visits with security and operating officials of PTPR

[[Page 77603]]

and HWY systems, throughout the U.S. The TSIs-S receive and document 
relevant information using a standardized checklist. In April 2020 the 
Government Accountability Office, audit GA-20-404, recommended TSA 
update the BASE cybersecurity questions to ensure they reflect key 
practices. As a result, TSA revised the collection to reflect the five 
core functions of the National Institute of Standards and Technology 
(NIST) cybersecurity framework. These core functions, and a majority of 
the subcategories, were combined with industry best practices into a 
set of additional questions focused on cybersecurity to identify 
vulnerabilities and provide support for strengthening the cybersecurity 
baseline for the surface transportation sector. In May 2023, TSA formed 
a team of surface transportation subject matter experts to review the 
222 questions on the PTPR BASE and 52 that were deemed no longer 
relevant or repetitive, were removed.
    Advance coordination and planning ensures the efficiency of the 
assessment process. The TSIs-S review and analyze the stakeholders' 
security plan, if adopted, and determine if the mitigation measures 
included in the plan are being effectively implemented, while providing 
additional resources for further security enhancement. In addition to 
examining the security plan document, TSIs-S reviews one or more assets 
of the private and/or public owner/operator.
    During BASE site visits of PTPR and HWY entities, TSIs-S collect 
information and complete a BASE checklist from the review of each 
entity's documents, plans, and procedures. They also interview 
appropriate entity personnel and conduct system observations prompted 
by questions raised during the document review and interview stages. 
TSA conducts the interviews to establish and clarify information on 
security measures implemented by the entity and to identify security 
gaps. The one-on-one interviews establish a relationship that fosters 
engagement on, and implementation of, effective and sustained security.
    Without this information, the ability for TSA to perform its 
security mission would be severely hindered. Absent this program, there 
would be no consistent data about these transportation security 
programs, nor a decentralized database TSA could use to benchmark the 
programs. While many PTPR and HWY entities have security and emergency 
response plans or protocols in place, the BASE provides a consistent 
approach to evaluate the extent to which security programs exist and 
the content of those programs.
    The participants in the BASE program receive the benefit of a no-
cost, voluntary, risk-based assessment tailored to their operations and 
the size of their organization. These targeted assessments provide 
actionable options for consideration to strengthen an entities lowest-
scoring items. Organizations that participate in the BASE may qualify 
to receive grant funding to address high-risk security areas and also 
receive additional guidance to strengthen their security.
    While TSA has not set a limit on the number of BASE program reviews 
to conduct, TSA estimates it will conduct approximately 70 PTPR BASE 
reviews and approximately 107 HWY BASE reviews on an annual basis. TSA 
does not intend to conduct more than one BASE review per public 
transportation passenger rail system in a single year. TSA estimates 
that the hour burden per PTPR entity to engage its security and/or 
operating officials with inspectors in the interactive BASE program 
review process is approximately 9 hours. For HWY, TSA estimates 
approximately 1.8 hours per HWY entity to engage its security and/or 
operating officials with inspectors in the interactive BASE program 
review process. Those who choose to also participate in the new cyber 
BASE will spend 7.8 hours each, and TSA expects there will be eight 
reviews conducted per year. The total annual hour burden for the PTPR 
BASE program review is 630 hours, for HWY BASE 192.6 hours, and for 
Cybersecurity BASE 62.4 hours, for a total annual burden of 885 hours.

    Dated: November 6, 2023.
Nicole Raymond,
TSA Paperwork Reduction Act Officer, Information Technology.
[FR Doc. 2023-24858 Filed 11-9-23; 8:45 am]
BILLING CODE 9110-05-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>