Agency Information Collection Activities: CISA Gateway User Registration

Issuing agencies

Abstract

DHS CISA Infrastructure Security Division (ISD), will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this information collection request (ICR) in the Federal Register on April 24, 2024, for a 60-day public comment period. No comments were received by CISA. The purpose of this notice is to allow an additional 30 days for public comments.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 125 (Friday, June 28, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 125 (Friday, June 28, 2024)]
[Notices]
[Pages 54026-54027]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-14286]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No.: CISA-2024-0011]


Agency Information Collection Activities: CISA Gateway User 
Registration

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 30-Day notice and request for comments; renewal, 1670-0009.

-----------------------------------------------------------------------

SUMMARY: DHS CISA Infrastructure Security Division (ISD), will submit 
the following information collection request (ICR) to the Office of 
Management and Budget (OMB) for review and clearance. CISA previously 
published this information collection request (ICR) in the Federal 
Register on April 24, 2024, for a 60-day public comment period. No 
comments were received by CISA. The purpose of this notice is to allow 
an additional 30 days for public comments.

DATES: Comments are encouraged and will be accepted until July 29, 
2024. Submissions received after the deadline for receiving comments 
may not be considered.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to <a href="http://www.reginfo.gov/public/do/PRAMain">www.reginfo.gov/public/do/PRAMain</a>. Find this particular 
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function.

[[Page 54027]]

    OMB is particularly interested in comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility:
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used:
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

FOR FURTHER INFORMATION CONTACT: Iesha Alexander, 202-440-0834, 
<a href="/cdn-cgi/l/email-protection#672e02140f0649260b021f060903021527242e342649232f3449202831"><span class="__cf_email__" data-cfemail="024b67716a632c436e677a636c66677042414b51432c464a512c454d54">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: The Homeland Security Presidential 
Directive-7, Presidential Policy Directive-22, and the National 
Infrastructure Protection Plan highlight the need for a centrally 
managed repository of infrastructure attributes capable of assessing 
risks and facilitating data sharing. The Critical Infrastructure 
Information Act of 2002 and Title 6 Code of Federal Regulation part 29 
direct an information protection program and a system to record the 
receipt, acknowledgement, and validation of submitted critical 
infrastructure information (CII), as well as storage, dissemination, 
and destruction of original Protected Critical Infrastructure 
Information (PCII). To support these missions, the DHS CISA ISD 
developed the CISA Gateway and the Protected Critical Infrastructure 
Information Management System (PCIIMS). The CISA Gateway and PCIIMS 
contain several capabilities which support the homeland security 
mission in the area of critical infrastructure (CI) and information 
protection.
    The purpose of this collection is to gather the details pertaining 
to the users of the CISA Gateway and PCIIMS for the purpose of creating 
accounts to access the CISA Gateway and PCIIMS. This information is 
also used to verify a need to know to access the CISA Gateway and 
PCIIMS. After being vetted and granted access, users are prompted and 
required to take an online training course upon first logging into the 
system. After completing the training, users are permitted full access 
to the systems. In addition, this collection will gather feedback from 
the users of the CISA Gateway to determine any future system 
improvements.
    The information gathered will be used by the CISA Gateway Program 
Management Team and the PCII Program Office for PCIIMS to vet users for 
a need to know and grant access to the system. For the CISA Gateway, as 
part of the registration process, users are required to take a one-time 
online training course. When logging into the system for the first 
time, the system prompts users to take the training courses. Users 
cannot opt out of the training and are required to take the course in 
order to gain and maintain access to the system. When users complete 
the training, the system automatically logs that the training is 
complete and allows full access to the system. For PCIIMS, after 
registration and vetting, users are directed to take PCII Authorized 
User training, which must be retaken annually to maintain their active 
status.
    The collection of information uses automated electronic forms. 
During the online registration process, there is an electronic form 
used to create a user account and an online training course required to 
grant access.
    The collection was initially approved on October 9, 2007, and the 
most recent approval was on December 19, 2023, with an expiration date 
of June 30, 2024. The changes to the collection since the previous OMB 
approval include updating the title of the collection, decrease in 
burden estimates and decrease in costs.
    The total annual burden cost for the collection has changed by 
$3,096.40, from $4,128 to $7,224.40 due to the removal of the 
utilization survey, and the addition of PCIIMS respondents. For the 
CISA Gateway, the total number of responses has increased from 350 to 
700 due to the updated metrics resulting from the awareness campaign 
and due to the registration process changing which does not include the 
training registration. The annual government cost for this collection 
has changed by $8,340.92 from $5,723 to $14,063.92 due to the removal 
of the utilization survey, and the addition of PCIIMS respondents. This 
is a renewal of an information collection.

Analysis

    Agency: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).
    Title of Collection: CISA Gateway User Registration.
    OMB Control Number: 1670-0009.
    Frequency: Annually.
    Affected Public: State, local, Tribal, and Territorial governments 
and private sector individuals.
    Number of Annualized Respondents: 700.
    Estimated Time per Respondent: 0.167 hours for registration, 0.167 
hours for training.
    Total Annualized Burden Hours: 116.679 hours.
    Total Annualized Respondent Opportunity Cost: $7,224.40.
    Total Annualized Respondent Out-of-Pocket Cost: $0.
    Total Annualized Government Cost: $14,063.92.

Robert J. Costello,
Chief Information Officer, Department of Homeland Security, 
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-14286 Filed 6-27-24; 8:45 am]
BILLING CODE 9111-LF-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>