Revision of a Currently Approved Information Collection for Chemical-Terrorism Vulnerability Information (CVI)

Issuing agencies

Abstract

The Infrastructure Security Division (ISD) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following Information Collection Request to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. The submission proposes to renew the information collection for an additional three years and to update both the burden estimates and the statutory authority for the information collection. CISA previously published this ICR in the Federal Register on September 13, 2024, for a 60-day public comment period. One unrelated public comment was submitted.\1\ The purpose of this notice is to allow additional 30 days for public comments. ---------------------------------------------------------------------------

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 225 (Thursday, November 21, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 225 (Thursday, November 21, 2024)]
[Notices]
[Pages 92141-92142]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-27287]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2024-0023]


Revision of a Currently Approved Information Collection for 
Chemical-Terrorism Vulnerability Information (CVI)

AGENCY: Cybersecurity and Infrastructure Security Agency, DHS.

ACTION: 30-Day notice and request for comments; renewal of Information 
Collection Request (ICR): 1670-0015.

-----------------------------------------------------------------------

SUMMARY: The Infrastructure Security Division (ISD) within the 
Cybersecurity and Infrastructure Security Agency (CISA) will submit the 
following Information Collection Request to the Office of Management 
and Budget (OMB) for review and clearance in accordance with the 
Paperwork Reduction Act of 1995. The submission proposes to renew the 
information collection for an additional three years and to update both 
the burden estimates and the statutory authority for the information 
collection. CISA previously published this ICR in the Federal Register 
on September 13, 2024, for a 60-day public comment period. One 
unrelated public comment was submitted.\1\ The purpose of this notice 
is to allow additional 30 days for public comments.
---------------------------------------------------------------------------

    \1\ The unrelated public comment may be viewed at <a href="https://www.regulations.gov/comment/CISA-2024-0023-0002">https://www.regulations.gov/comment/CISA-2024-0023-0002</a>.

---------------------------------------------------------------------------
DATES: Comments will be accepted until December 23, 2024.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to <a href="http://www.reginfo.gov/public/do/PRAMain">www.reginfo.gov/public/do/PRAMain</a>. Find this particular 
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function. All 
submissions received must include the agency name ``CISA'' and docket 
number CISA-2024-0023.
    Comments that include trade secrets, confidential commercial or 
financial information, Chemical-terrorism Vulnerability Information 
(CVI),\2\ Sensitive Security Information (SSI),\3\ or Protected 
Critical Infrastructure Information (PCII) \4\ should be coordinated 
with the point of contact for this notice provided in the FOR FURTHER 
INFORMATION CONTACT section.
---------------------------------------------------------------------------

    \2\ For more information about CVI see 6 CFR 27.400 and the CVI 
Procedural Manual at <a href="http://www.dhs.gov/publication/safeguarding-cvi-manual">www.dhs.gov/publication/safeguarding-cvi-manual</a>.
    \3\ For more information about SSI see 49 CFR part 1520 and the 
SSI Program web page at <a href="http://www.tsa.gov/for-industry/sensitive-security-information">www.tsa.gov/for-industry/sensitive-security-information</a>.
    \4\ For more information about PCII see 6 CFR part 29 and the 
PCII Program web page <a href="http://atwww.dhs.gov/pcii-program">atwww.dhs.gov/pcii-program</a>.
---------------------------------------------------------------------------

    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

FOR FURTHER INFORMATION CONTACT: Annie Hunziker Boyer, 703-603-5000, 
<a href="/cdn-cgi/l/email-protection#fbb8b2a8baa99e9c8e979a8f92949588bb969a9297d59892889ad59f9388d59c948d"><span class="__cf_email__" data-cfemail="793a302a382b1c1e0c15180d1016170a3914181015571a100a18571d110a571e160f">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: The Chemical Facility Anti-Terrorism 
Standards (CFATS) Program identified and regulated the security of 
high-risk chemical facilities using a risk-based approach. Pursuant to 
section 5 of the Protecting and Securing Chemical Facilities from 
Terrorist Attacks Act of 2014 (Pub. L. 113-254, as amended by Pub. L. 
116-150; 6 U.S.C. 621 note), authorization had been granted for CFATS 
until July 27, 2023. Congress did not act to reauthorize the program in 
time and, as such, the authorization expired on July 28, 2023. 
Therefore, regulations written pursuant to CFATS authority are not 
currently active. While regulatory text for the CFATS regulation, 
including information protection requirements, is located in part 27 of 
title 6 of the Code of Federal Regulations (CFR), the text is inactive 
due to the lapse in authority.
    CISA continues to possess and safeguard the information provided to 
CISA under the CFATS program prior to the program's lapse in authority 
on July 28, 2023. CISA also continues to receive requests for these 
government records and has continued to treat any information 
previously designated as CVI prior to the July 28, 2023 lapse 
consistent with the previously established CVI information handling 
protection regime. As a result, prior to granting access to information 
safeguarded as CVI, CISA verifies that the requestor is a CVI 
Authorized User. If that requestor has a need to know but is not a CVI 
Authorized User, CISA will provide the requestor with CVI training. The 
requestor then submits an application to become a CVI Authorized User.
    CISA is authorized to safeguard information provided to CISA under 
CFATS prior to July 28, 2023 under 6 U.S.C. 652(e)(1)(J), which grants 
CISA the authority to safeguard information from unauthorized 
disclosure and to ensure that the information is handled and used only 
for the performance of official duties.\5\
---------------------------------------------------------------------------

    \5\ 6 U.S.C. 652(e)(1)(J): (J) To ensure that any material 
received pursuant to this chapter is protected from unauthorized 
disclosure and handled and used only for the performance of official 
duties.
---------------------------------------------------------------------------

    It is the Administration's position that CFATS should be 
reauthorized. However, even without statutory reauthorization, there is 
both a reason to

[[Page 92142]]

continue collecting this information (i.e., enabling individuals with a 
need to know but who are not CVI Authorized Users to access historical 
government records safeguarded as CVI) as well as existing statutory 
authority to do so under 6 U.S.C. 652(e)(1)(J). Once CFATS is 
reauthorized, the training and application to become a CVI Authorized 
User will be made accessible to the public.
    The current information collection for the CVI program (IC 1670-
0015) will expire on November 30, 2024.
    CISA proposes three revisions from the previously approved 
collection. Specifically, to renew the information collection for an 
additional three years, increase the loaded average hourly wage rate of 
respondents from $79.75 to $101.87 based on updated BLS wage and 
compensation data, and to cite 6 U.S.C. 652(e)(1)(J) as its statutory 
authority rather than 6 U.S.C. 623.
    This process is conducted in accordance with 5 CFR 1320.8.

CISA's Methodology in Estimating the Burden for the Chemical-Terrorism 
Vulnerability Information Authorization

Number of Respondents

    The current information collection estimated that 20,000 
respondents submit a request to become a CVI Authorized User Number 
annually. The table below provides the number of respondents over the 
past three years (i.e., Calendar Year (CY) 2020 through CY 2022).

----------------------------------------------------------------------------------------------------------------
                                                                   CY 2020          CY 2021          CY 2022
----------------------------------------------------------------------------------------------------------------
Number of Respondents........................................          11,444           12,931           14,252
----------------------------------------------------------------------------------------------------------------

    Due to past fluctuations and uncertainty regarding the number of 
future respondents, CISA believes that 20,000 continues to be a 
reasonable estimate when CFATS is reauthorized. Therefore, CISA 
proposes to retain the estimated annual number of respondents.

Estimated Time per Respondent

    In the current information collection, the estimated time per 
respondent to prepare and submit a CVI Authorization is 0.50 hours (30 
minutes). CISA proposes to retain the estimated time per respondent.

Annual Burden Hours

    The annual burden hours for the CVI Authorization is [0.50 hours x 
20,000 respondents x 1 response per respondent], which equals 10,000 
hours.

Total Capital/Startup Burden Cost

    Prior to the expiration of CFATS' statutory authorization, the 
instrument through which the information was collected electronically 
was a web interface incorporated into CISA's Chemical Security 
Assessment Tool (CSAT). Since the lapse, and until reauthorization, the 
instrument is a PDF form sent via email to respondents. The PDF form is 
filled out by respondents and returned to CISA via email. When the 
CFATS program is reauthorized, a web-enabled interface will be made 
accessible to the public. Thus, for the purposes of this notice, CISA 
continues to assume there is no annualized capital or start-up costs 
incurred by respondents for this information collection.

Total Recordkeeping Burden

    There are no recordkeeping burden costs incurred by respondents for 
this information collection.

Total Annual Burden Cost

    CISA assumes that respondents are generally Site Security Officers 
(SSOs), although other types of respondents may also complete this 
instrument (e.g., State, and local government employees and 
contractors). For the purpose of this notice, CISA maintains this 
assumption. To estimate the total annual burden, CISA multiplied the 
annual burden of 10,000 hours by the loaded average hourly wage rate of 
SSOs of $101.87 per hour.\6\ Therefore, the total annual burden cost 
for the CVI Authorization instrument is $1,018,700 [10,000 total annual 
burden hours x $101.87 per hour].
---------------------------------------------------------------------------

    \6\ The wage used for an SSO equals that of Managers, All (11-
9199), with a load factor of 1.4481 to account for benefits in 
addition to wages <a href="https://www.bls.gov/oes/2023/may/oes119199.htm">https://www.bls.gov/oes/2023/may/oes119199.htm</a>. 
The load factor is estimated by dividing total compensation by total 
wages and salaries for the Management, Professional and Related 
series ($72/$49.72), which can be found at <a href="https://www.bls.gov/news.release/ecec.t04.htm">https://www.bls.gov/news.release/ecec.t04.htm</a>.
---------------------------------------------------------------------------

Analysis

    Agency: Department of Homeland Security, Cybersecurity and 
Infrastructure Agency, Infrastructure Security Division.
    Title: CFATS Chemical-terrorism Vulnerability Information.
    OMB Number: 1670-0015.
    Instrument: Chemical-terrorism Vulnerability Information Training 
and Authorized User Application.
    Frequency: ``On occasion'' and ``Other''.
    Affected Public: Business or other for-profit.
    Number of Respondents: 20,000 respondents (rounded estimate).
    Estimated Time per Respondent: 0.50 hours.
    Total Burden Hours: 10,000 annual burden hours.
    Total Burden Cost (capital/startup): $0.
    Total Recordkeeping Burden: $0.
    Total Burden Cost: $1,001,275.

Robert J. Costello,
Chief Information Officer, Department of Homeland Security, 
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-27287 Filed 11-20-24; 8:45 am]
BILLING CODE 9111-LF-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>