Agency Information Collection Activities: Incident Reporting Form and Associated Submission Tools (ICR 1670-0037)

Issuing agencies

Abstract

DHS CISA Cybersecurity Division (CSD) submits the following Information Collection Request (ICR) renewal to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 123 (Wednesday, June 26, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 123 (Wednesday, June 26, 2024)]
[Notices]
[Pages 53436-53437]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-14009]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2024-0013]


Agency Information Collection Activities: Incident Reporting Form 
and Associated Submission Tools (ICR 1670-0037)

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 60-Day notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: DHS CISA Cybersecurity Division (CSD) submits the following 
Information Collection Request (ICR) renewal to the Office of 
Management and Budget (OMB) for review and clearance in accordance with 
the Paperwork Reduction Act of 1995.

DATES: Comments are encouraged and will be accepted until August 26, 
2024.

ADDRESSES: You may submit comments, identified by docket number CISA-
2024-0013 at;
    <bullet> Federal eRulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Please follow the instructions for submitting comments.
    Instructions: All submissions received must include the words 
``Department of Homeland Security'' and the docket number for this 
action. Comments received will be posted without alternation to <a href="http://www.regulations.gov">http://www.regulations.gov</a>, including any personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, please go to <a href="http://www.regulations.gov">http://www.regulations.gov</a> and enter 
docket number CISA-2024-0013.
    Comments submitted in response to this notice may be made available 
to the public through relevant websites. For this reason, please do not 
include in your comments information of a confidential nature, such as 
sensitive personal information or proprietary information. If you send 
an email comment, your email address will be automatically captured and 
included as part of the comment that is placed in the public docket and 
made available on the internet. Please note that responses to this 
public comment request containing any routine notice about the 
confidentiality of the communication will be treated as public comments 
that may be made available to the public notwithstanding the inclusion 
of the routine notice.

FOR FURTHER INFORMATION CONTACT: Brian DeWyngaert; 703-235-5737; 
<a href="/cdn-cgi/l/email-protection#b6f4c4dfd7d898d2d3c1cfd8d1d7d3c4c2f6d5dfc5d798d2dec598d1d9c0"><span class="__cf_email__" data-cfemail="bbf9c9d2dad595dfdeccc2d5dcdadec9cffbd8d2c8da95dfd3c895dcd4cd">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: CISA serves as ``a Federal civilian 
interface for the multi-directional and cross-sector sharing of 
information related to cyber threat indicators, defensive measures, 
cybersecurity risks, incidents, analysis, and warnings for Federal and 
non-Federal entities.'' 6 U.S.C. 659(c)(1).
    CISA is responsible for performing, coordinating, and supporting 
response to information security incidents, which may originate outside 
the Federal community and affect users within it, or originate within 
the Federal community and affect users outside of it. CISA uses the 
information from incident reports to develop timely and actionable 
information for distribution to federal departments and agencies; 
state, local, tribal and territorial (SLTT) governments; critical 
infrastructure owners and operators; private industry; and 
international organizations. Often, the effective handling of security 
incidents relies on information sharing among individual users, 
industry, and the Federal Government, which may be facilitated by and 
through CISA.
    Pursuant to the Federal Information Security Modernization Act of 
2014 (FISMA), 44 U.S.C. 3552 et seq., CISA operates the federal 
information security incident center for the United States Federal 
Government. 44 U.S.C. 3556. Federal agencies notify and consult with 
CISA regarding information security incidents involving federal 
information systems. CISA provides federal agencies with technical 
assistance and guidance on detecting and handling security incidents, 
compile and analyze incident information that threatens information 
security, inform agencies of current and potential threats and 
vulnerabilities, and provide intelligence or other information about 
cyber threats, vulnerabilities, and incidents to agencies. 44 U.S.C. 
3556(a). CISA also receives voluntary incident reports from non-federal 
entities.
    CISA's website (at <a href="https://www.cisa.gov/">https://www.cisa.gov/</a>) is a primary tool used by 
constituents to report incident information, access information sharing 
products and services, and interact with CISA. Constituents, which may 
include anyone or any entity in the public, use forms located on the 
website to complete these activities. Incident reports are primarily 
submitted using CISA's internet reporting system,

[[Page 53437]]

available at <a href="https://www.cisa.gov/forms/report">https://www.cisa.gov/forms/report</a>. CISA collects cyber 
threat indicators and defensive measures in accordance with the 
requirements of the Cybersecurity Information Sharing Act of 2015 
through CISA's Cyber Threat Indicator and Defensive Measure Submission 
System, <a href="https://www.cisa.gov/forms/share-indicators">https://www.cisa.gov/forms/share-indicators</a>. CISA shares cyber 
threat indicators and defensive measures it receives with certain 
federal entities in an automated and real-time manner. 6 U.S.C. 
1504(c).
    By accepting incident reports and feedback, and interacting among 
federal agencies, industry, the research community, state and local 
governments, and others to disseminate reasoned and actionable 
cybersecurity information to the public, CISA has provided a way for 
citizens, businesses, and other institutions to communicate and 
coordinate directly with the Federal Government about cybersecurity. 
The information is collected via the following forms:
    1. The Incident Reporting Form, DHS Cyber Threat Indicator and 
Defensive Measure Submission System, and Malware Analysis Submission 
Form enable end users to report incidents and indicators as well as 
submit malware artifacts associated with incidents to CISA. This 
information is used by DHS to conduct analyses and provide warnings of 
system threats and vulnerabilities, and to develop mitigation 
strategies as appropriate. These forms also request the user's name, 
email address, organization, and infrastructure sector. The primary 
purpose for the collection of this information is to allow DHS to 
contact requestors regarding their request.
    2. The Mail Lists Form enables end users to subscribe to the 
National Cyber Awareness System's mailing lists, which deliver the 
content of and links to CISA's information sharing products. The user 
must provide an email address in order to subscribe or unsubscribe, 
though subscribing or unsubscribing are optional. The primary purpose 
for the collection of this information is to allow DHS to contact 
requestors regarding their request.
    3. The Cyber Security Evaluation Tool (CSET) Download Form, which 
requests the name, email address, organization, infrastructure sector, 
country, and intended use of those seeking to download the CSET. All 
requested fields are optional. The primary purpose for the collection 
of this information is to allow DHS to contact requestors regarding 
their request.
    Web form submission is also used as the collection method for the 
other forms listed. In addition to web-based electronic forms, 
information may be collected through email or telephone. These methods 
enable individuals, private sector entities, personnel working at other 
federal or state agencies, and international entities, including 
individuals, companies and other nations' governments to submit 
information.
    This information collection request is a renewal of an existing 
collection of information. There are minor changes to the forms, 
questions, or other collection instruments. These changes reflect the 
addition of questions for reporting purposes. With this renewal, CISA 
is replacing the current Advanced Malware Analysis Capability (AMAC) 
submission form with the Malware Analysis Submission Form (``Malware 
Next-Gen''), but that form's questions will not change. CISA is also 
updating the Incident Reporting Form by removing one question, 
modifying some of the existing questions, and adding questions in order 
to both improve user experience and help the agency efficiently 
categorize incident reporting data. To review the developmental digital 
copy of this updated information collection, please contact the POC 
listed above in this notice request.
    This collection of information will not have a significant economic 
impact on a substantial number of small entities. Due to increases in 
wage rates, the changes to the collection since the previous OMB 
approval include updated burden and cost estimates. The annual burden 
cost increased by $42,540, from $543,401 to $585,941. The annual 
government cost increased by $610,548, from $1,886,112 to $2,496,660.
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and,
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    Agency: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).
    Title: Clearance for the Collection of Information through CISA 
Reporting Forms.
    OMB Number: 1670-0037.
    Frequency: Annually.
    Affected Public: State, Local, Tribal, and Territorial Governments, 
Private Sector, and Academia.
    Number of Respondents: 139,125.
    Estimated Time per Respondent: 0.3333 hours, 0.1667 hours, or 
0.0167 hours.
    Total Burden Hours: 13,852 hours.
    Annualized Respondent Cost: $585,941.
    Total Annualized Respondent Out-of-Pocket Cost: $0.
    Total Annualized Government Cost: $2,496,660.

Robert J. Costello,
Chief Information Officer, Department of Homeland Security, 
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-14009 Filed 6-25-24; 8:45 am]
BILLING CODE 9111-LF-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>