[Federal Register Volume 87, Number 23 (Thursday, February 3, 2022)]
[Notices]
[Page 6195]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-02171]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY


Notice of the Establishment of the Cyber Safety Review Board

AGENCY: Department of Homeland Security (DHS), Cybersecurity and 
Infrastructure Security Agency (CISA).

ACTION: Notice of new review board establishment.

-----------------------------------------------------------------------

SUMMARY: The Secretary of Homeland Security (Secretary), in 
consultation with the Attorney General, is establishing the Cyber 
Safety Review Board (CSRB) as directed by the Executive Order titled, 
Improving the Nation's Cybersecurity, and pursuant to the Homeland 
Security Act of 2002. DHS is announcing the establishment of the CSRB, 
a new review board, for public awareness.

FOR FURTHER INFORMATION CONTACT: Erin McJeon, 202-819-6196 or 
[email protected].

SUPPLEMENTARY INFORMATION: The Secretary, in consultation with the 
Attorney General, chartered the CSRB as directed by Executive Order 
14028 and pursuant to 6 U.S.C. 451. The CSRB, which was chartered on 
September 21, 2021, will operate in an advisory capacity only.
    The CSRB will convene following significant cyber incidents that 
trigger the establishment of a Cyber Unified Coordination Group as 
provided by section V(B)(2) of Presidential Policy Directive (PPD) 41; 
at any time as directed by the President acting through the Assistant 
to the President for National Security Affairs (APNSA); or at any time 
the Secretary or CISA Director deems necessary. Upon completion of its 
review of an applicable incident, the CSRB may develop advice, 
information, or recommendations for the Secretary for improving 
cybersecurity and incident response practices and policy. The 
Secretary, in consultation with the Attorney General, shall provide to 
the President, through the APNSA, any advice, information, and 
recommendations of the CSRB for improving cybersecurity and incident 
response practices and policy.
    Whenever possible, the CSRB's advice, information, or 
recommendations will be made publicly available, with any appropriate 
redactions, consistent with applicable law and the need to protect 
sensitive information from disclosure.
    Some of the issues the CSRB will address may require members to 
have access to classified information as well as sensitive law 
enforcement, operational, business, and other confidential information.
    In recognition of the sensitive material utilized in CSRB 
activities and discussions, the Secretary has exempted the CSRB from 
Public Law 92-463, The Federal Advisory Committee Act, 5 U.S.C. app.
    Membership: The CSRB shall be composed of no more than 20 members 
who are appointed by the CISA Director, in coordination with the DHS 
Under Secretary for Strategy, Policy, and Plans. The DHS Under 
Secretary for Strategy, Policy, and Plans shall serve as the inaugural 
Chair of the CSRB for a term of two years. Members will include at 
least one representative from the Department of Defense, the Department 
of Justice, DHS, CISA, the National Security Agency, and the Federal 
Bureau of Investigation. CSRB members will also include individuals 
from private sector entities to include appropriate cybersecurity or 
software suppliers.
    Non-governmental members who serve on the CSRB will serve as 
Special Government Employees as defined in 18 U.S.C. 202(a). Members 
may be required to sign a non-disclosure agreement. Members may also be 
required to obtain a security clearance. Members shall consist of 
subject matter experts from appropriate professions and diverse 
communities nationwide, be geographically balanced, and shall include 
representatives of a broad and inclusive range of industries.
    A representative from the Office of Management and Budget shall 
participate in CSRB activities when an incident under review involves 
Federal Civilian Executive Branch (FCEB) Information Systems, as 
determined by the CISA Director, and other individuals may be invited 
to participate in CSRB activities on a case-by-case basis depending on 
the nature of the incident under review.
    Duration: Unless otherwise directed by the President, the Secretary 
may extend the life of the CSRB every two years as the Secretary deems 
appropriate, pursuant to 6 U.S.C. 451.

Alejandro N. Mayorkas,
Secretary, Department of Homeland Security.
[FR Doc. 2022-02171 Filed 2-2-22; 8:45 am]
BILLING CODE 9110-9P-P