Intent To Request Revision From OMB of One Current Public Collection of Information: Critical Facility Information From the Top 100 Most Critical Pipeline Operators

Issuing agencies

Abstract

The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0050, abstracted below that we will submit to OMB for a revision in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection involves critical facility security information.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 147 (Monday, August 4, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 147 (Monday, August 4, 2025)]
[Notices]
[Pages 36446-36447]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-14652]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Intent To Request Revision From OMB of One Current Public 
Collection of Information: Critical Facility Information From the Top 
100 Most Critical Pipeline Operators

AGENCY: Transportation Security Administration, DHS.

ACTION: 60-Day Notice.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on one currently approved Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0050, 
abstracted below that we will submit to OMB for a revision in 
compliance with the Paperwork Reduction Act (PRA). The ICR describes 
the nature of the information collection and its expected burden. The 
collection involves critical facility security information.

DATES: Send your comments by October 3, 2025.

ADDRESSES: Comments may be emailed to <a href="/cdn-cgi/l/email-protection#4216110312100302262a316c252d34"><span class="__cf_email__" data-cfemail="0d595e4c5d5f4c4d69657e236a627b">[email&#160;protected]</span></a> or delivered to 
the

[[Page 36447]]

TSA PRA Officer, Information Technology (IT), TSA-11, Transportation 
Security Administration, 6595 Springfield Center Drive, Springfield, VA 
20598-6011.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh at the above 
address, or by telephone (571) 227-2062.

SUPPLEMENTARY INFORMATION:

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. The ICR documentation will be 
available at <a href="https://www.reginfo.gov">https://www.reginfo.gov</a> upon its submission to OMB. 
Therefore, in preparation for OMB review and approval of the following 
information collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    OMB Control Number 1652-0050; Critical Facility Information of the 
Top 100 Most Critical Pipelines: The Implementing Recommendations of 
the 9/11 Commission Act of 2007 (9/11 Act) specifically required TSA to 
develop and implement a plan for reviewing the pipeline security plans 
and inspecting the critical facilities of the 100 most critical 
pipeline operators.\1\ Pipeline owner/operators determine which 
facilities qualify as critical facilities based on guidance and 
criteria set forth in the TSA Pipeline Security Guidelines published in 
December 2010 and 2011, with an update published in April 2021. To 
execute the 9/11 Act mandate, TSA visits critical pipeline facilities 
and collects site-specific information from pipeline owner/operators on 
facility security policies, procedures, and physical security measures.
---------------------------------------------------------------------------

    \1\ See sec. 1557 of the 9/11 Act, Pub. L. 110-53 (121 Stat. 
266, 475; Aug. 3, 2007), as codified at 6 U.S.C. 1207.
---------------------------------------------------------------------------

    TSA collects facility security information during the site visits 
using a Critical Facility Security Review (CFSR) form. The CFSR looks 
at individual pipeline facility security measures and procedures.\2\ 
This collection is voluntary. Information collected from the reviews is 
analyzed and used to determine strengths and weaknesses at the nation's 
critical pipeline facilities, areas to target for risk reduction 
strategies, pipeline industry implementation of the voluntary 
guidelines, and the potential need for regulations in accordance with 
the 9/11 Act provision previously cited.
---------------------------------------------------------------------------

    \2\ The CFSR differs from a Corporate Security Review conducted 
by TSA in another information collection that looks at corporate or 
company-wide security management plans and practices for pipeline 
operators. See OMB Control No. 1652-0056 at <a href="https://www.reginfo.gov">https://www.reginfo.gov</a> 
for the PRA approval of information collection for these Corporate 
Security Reviews.
---------------------------------------------------------------------------

    TSA visits with pipeline owner/operators to follow up on their 
implementation of security improvements and recommendations made during 
facility visits. During critical facility visits, TSA documents and 
provides recommendations to improve the security posture of the 
facility. TSA intends to continue to follow up with pipeline owner/
operators via email on their status toward implementation of the 
recommendations made during the critical facility visits. The follow up 
will be conducted at intervals of 6, 12, and 18 months after the 
facility visit.
    In addition to the voluntary requirements, in May 2021, TSA added 
mandatory requirements to the collection. In order to address the 
ongoing cybersecurity threat to pipeline systems and associated 
infrastructure, TSA issued a Security Directive (SD) applicable to 
owner/operators of a hazardous liquid and natural gas pipeline or 
liquefied natural gas facility notified by TSA that their pipeline 
system or facility is critical. These owner/operators were required to 
review Section 7 of TSA's Pipeline Security Guidelines and assess 
current activities, using the TSA Pipeline Cybersecurity Self-
Assessment form, to address cyber risk, and identify remediation 
measures that will be taken to fill those gaps and a timeframe for 
achieving those measures. The form provided is based on the instrument 
used for the CFSRs, limited to cybersecurity issues and augmented to 
address the scope of the SD. The critical pipeline owner/operators were 
required to report the results of this assessment to TSA within 30 days 
of issuance of the SD.
    TSA is revising the collection to remove the mandatory 
requirements. All of the owner/operators have satisfied the SD's 
requirements, and TSA expects that going forward, fewer than 10 owner/
operators would respond to the collection annually. In addition, TSA is 
revising the title of the collection from ``Critical Facility 
Information of the Top 100 Most Critical Pipeline'' to ``Critical 
Facility Information from the Top 100 Most Critical Pipeline 
Operators'' to more accurately align with the statutory requirements. 
TSA is seeking renewal of this information collection for the maximum 
3-year approval period.
    To the extent information provided by operators for each 
information collection is Sensitive Security Information, TSA will 
protect in accordance with procedures meeting the transmission, 
handling, and storage requirements of Sensitive Security Information 
set forth in 49 CFR parts 15 and 1520.
    TSA estimates the annual hour burden for the information collection 
related to the voluntary collection of the CFSR form to be 320 hours. 
TSA will conduct a maximum of 80 facility reviews each year, with each 
review taking approximately 4 hours (320 = 80 x 4).
    TSA estimates the annual hour burden for the information collection 
related to TSA follow ups on the recommendations based on the above 
CFSRs made to facility owner/operators to be 480 hours. TSA estimates 
each owner/operator will spend approximately 2 hours to submit a 
response to TSA regarding its voluntary implementation of security 
recommendations made during each critical facility visit. If a maximum 
of 80 critical facilities are reviewed each year, and TSA follows up 
with each facility owner/operator every 6, 12, and 18 months following 
the visit, the total annual burden is 480 (80 x 2 x 3) hours.
    The total estimated burden for the entire information collection is 
800 hours annually-320 hours for the CFSR form and 480 hours for the 
recommendations follow-up procedures.

    Dated: July 30, 2025.
Christina A. Walsh,
Paperwork Reduction Act Officer, Information Technology, Transportation 
Security Administration.
[FR Doc. 2025-14652 Filed 8-1-25; 8:45 am]
BILLING CODE 9110-05-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>