Agency Information Collection Activities: National Initiative for Cybersecurity Careers and Studies Cybersecurity Education and Training Catalog Collection

Issuing agencies

Abstract

NICCS within CISA will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. CISA previously published this information collection request (ICR) in the Federal Register on June 20, 2024, for a 60-day public comment period. No comments were received by CISA. The purpose of this notice is to allow additional 30-days for public comments.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 170 (Friday, September 5, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 170 (Friday, September 5, 2025)]
[Notices]
[Pages 42977-42978]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-17049]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2024-0016]


Agency Information Collection Activities: National Initiative for 
Cybersecurity Careers and Studies Cybersecurity Education and Training 
Catalog Collection

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 30-Day notice and request for comments; revised information 
collection request, 1670-0030.

-----------------------------------------------------------------------

SUMMARY: NICCS within CISA will submit the following Information 
Collection Request (ICR) to the Office of Management and Budget (OMB) 
for review and clearance in accordance with the Paperwork Reduction Act 
of 1995. CISA previously published this information collection request 
(ICR) in the Federal Register on June 20, 2024, for a 60-day public 
comment period. No comments were received by CISA. The purpose of this 
notice is to allow additional 30-days for public comments.

DATES: Comments are encouraged and will be accepted until October 6, 
2025. This process is conducted in accordance with 5 CFR 1320.10

ADDRESSES: You may submit comments, identified by docket number CISA-
2024-0016, at: Federal eRulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Please follow the instructions for submitting comments. Instructions: 
All submissions received must include the agency name and docket number 
CISA-2024-0016. All comments received will be posted without change to 
<a href="http://www.regulations.gov">http://www.regulations.gov</a>, including any personal information 
provided. Docket: For access to the docket to read background documents 
or comments received, go to <a href="http://www.regulations.gov">http://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: Shannon Nguyen, 703-705-6246, 
<a href="/cdn-cgi/l/email-protection#bac9d2dbd4d4d5d494d4ddcfc3dfd4fad9d3c9db94ded2c994ddd5cc"><span class="__cf_email__" data-cfemail="9fecf7fef1f1f0f1b1f1f8eae6faf1dffcf6ecfeb1fbf7ecb1f8f0e9">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: The Cybersecurity and Infrastructure 
Security Agency (CISA) Office of the Chief Learning Officer (OCLO) 
National Initiative for Cybersecurity Careers and Studies (NICCS) 
Training Catalog Batch Data seeks to collect information from 
organizations and academic institutions regarding their course specific 
technical information to NICCS regarding how their training courses map 
to the National Initiative for Cybersecurity (NICE) Workforce Framework 
for Cybersecurity (NICE Framework) Specialty Areas. The NICCS website 
is a national online resource for cybersecurity awareness, education, 
talent management, and professional development and training. Its 
mission is to provide comprehensive cybersecurity resources to the 
public. To promote cybersecurity education, and to provide a 
comprehensive resource for the Nation, NICCS developed the 
Cybersecurity Training and Education Catalog. The NICCS Education and 
Training Catalog is a central location to help cybersecurity 
professionals of all skill levels find cybersecurity-related courses 
online and in person across the nation. All of the courses are aligned 
to the specialty areas of The Workforce Framework for Cybersecurity 
(NICE Framework). Organizations and or academic institution interested 
in listing courses with NICCS are requested to complete a vendor 
vetting process in order to be considered for inclusion in the NICCS 
education and Training Catalog. Once approved, organizations and 
academic institutions are asked to provide technical information 
(``training catalog batch data'') to NICCS regarding how their training 
courses map to the National Initiative for Cybersecurity Education 
(NICE) Workforce Framework for Cybersecurity (NICE Framework) Specialty 
Areas. Course mapping to these Specialty Areas allows users to tailor 
their individual coursework and is dependent upon the training catalog 
batch data to do so. The training catalog batch data is technical in 
nature, is not privacy sensitive, and does not include personally 
identifiable information. The training catalog batch data is submitted 
to the CISA NICCS Supervisory Office (SO) for review. Then upon further 
review and approval, the organization/academic institution's course is 
listed in the NICCS Education and Training Catalog. The cyber-specific 
authorities to receive such information support the Department's 
general authority to receive information from any federal or non-
federal entity in support of the mission responsibilities of the 
Department. Section 201 of the

[[Page 42978]]

Homeland Security Act authorizes the Secretary ``[t]o access, receive, 
and analyze law enforcement information, intelligence information, and 
other information from agencies of the Federal Government, State and 
local government agencies (including law enforcement agencies), and 
private sector entities, and to integrate such information, in support 
of the mission responsibilities of the Department.'' 6 U.S.C. 
121(d)(1); see also 6 U.S.C. 121(d)(12). The following authorities also 
permit DHS to collect this information: Federal Information Security 
Management Act of 2002 (FISMA), 44 U.S.C. 3546; Presidential Policy 
Directive (PPD)-21, Critical Infrastructure Identification, 
Prioritization, and Protection (2003); and National Security 
Presidential Directive (NSPD)-54/HSPD-23, Cybersecurity Policy (2009). 
Note: Any information received from the public in support of the NICCS 
Cybersecurity Training and Education Catalog is completely voluntary. 
Organizations and individuals who do not provide information can still 
utilize the NICCS website and Catalog without restriction or penalty. 
An organization or individual who wants their information removed from 
the NICCS website and/or Cybersecurity Training and Education Catalog 
can email the NICCS Supervisory Office. There are no requirements for a 
provider to fill out a specific form for their information to be 
removed; standard email requests will be honored. The Office of 
Management and Budget is particularly interested in comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    CISA OCLO seeks to utilize four separate forms in order to collect 
the requested information from organizations and academic institutions. 
CISA OCLO will use the NICCS Cybersecurity Training Course Form and the 
NICCS Cybersecurity Certification Form to collect information via a 
publicly accessible website called the National Initiative for 
Cybersecurity Careers and Studies (NICCS) website (<a href="https://niccs.cisa.gov">https://niccs.cisa.gov</a>). Collected information from these two forms will be 
included in the Cybersecurity Training and Education Catalog that is 
hosted on the NICCS website. Requested information categories in these 
forms include the training providers name, course title, course 
description, course length, course modality, among other course 
information useful for users. The NICCS Supervisory Office will use 
information collected from the NICCS Vendor Vetting Form to primarily 
manage communications with the training/workforce development 
providers; this collected information will not be shared with the 
public and is intended for internal use only. Additionally, this 
information will be used to validate training providers before 
uploading their training and certification information to the Training 
Catalog. Requested information in the NICCS Vendor Vetting form include 
vendor name, address, points of contact and a few multiple-choice 
questions to ensure they are a legitimate business. The NICCS 
Supervisory Office will use information collected from the NICCS 
Mapping Tool Form to provide an end user with information of how their 
position or job title aligns to the new Cybersecurity Framework 1.1. 
This collection of inputs and output (in the form of a report) will be 
savable by the end user on their computer to be uploaded at a later 
time for further use if required. This collected information will not 
be shared with the public and is intended for internal use only. 
Requested information in the NICCS Mapping form include: Selecting 
various work roles (based on the NICE Framework), selecting tasks 
required for that work role, and including job description details. The 
information will be collected via fully electronic web forms or 
partially electronic via email. Collection will be coordinated between 
the public and NICCS via email.
    The following forms are fully electronic:

<bullet> NICCS Vendor Vetting Web Form
<bullet> NICCS Cybersecurity Training Course Web Form
<bullet> NICCS Mapping Tool Web Form

    The following forms are partially electronic:

<bullet> NICCS Certification Course Form

    All information collected from the NICCS Cybersecurity Training 
Course Web Form, and the NICCS Certification Course Form will be stored 
in the public accessible NICCS Cybersecurity Training and Education 
Catalog (<a href="https://niccs.cisa.gov/educationtraining/catalog">https://niccs.cisa.gov/educationtraining/catalog</a>).
    The NICCS Supervisory Office will electronically store information 
collected via the NICCS Vendor Vetting Form. This information collected 
will not be publicly accessible. Information collected for the NICCS 
Certification Course Form is collected via email in a CSV format, and 
then compiled by the NICCS staff for upload to the NICCS Education and 
Training Catalog.
    Information collected by the NICCS Mapping Tool is not being stored 
by NICCS. The information collected will not be publicly accessible. 
Users have the option of saving their input and results to be used at a 
later time, and the information would only be stored the user's device.

Analysis

    Agency: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS)
    Title: Revised Collection.
    OMB Number: 1670-0030.
    Frequency: Annually.
    Affected Public: General Public.
    Number of Respondents: 500.
    Estimated Time Per Respondent: 0.775 Hours.
    Total Burden Hours: 387.5.
    Annualized Respondent Cost: $24,482.
    Total Annualized Respondent Out-of-Pocket Cost: $0.
    Total Annualized Government Cost: $161,490.

Robert J. Costello,
Chief Information Officer, Department of Homeland Security, 
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2025-17049 Filed 9-4-25; 8:45 am]
BILLING CODE 9111-LF-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>