[Federal Register Volume 88, Number 231 (Monday, December 4, 2023)]
[Notices]
[Page 84162]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-26543]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. CISA-2023-0023]


Agency Information Collection Activities; Submission to the 
Office of Management and Budget for Review and Approval; Comment 
Request; Foundational Cybersecurity Assessment

AGENCY: Cybersecurity and Infrastructure Security Agency (CISA), 
Department of Homeland Security (DHS).

ACTION: 60-Day notice of information collection; request for comment; 
new collection (request for a new OMB Control Number 1670-NEW).

-----------------------------------------------------------------------

SUMMARY: CISA Cybersecurity Division (CSD) submits the following 
information for a new collection request (ICR) to the Office of 
Management and Budget (OMB) for review and clearance.

DATES: Comments are encouraged and will be accepted until February 2, 
2024. Submissions received after the deadline for receiving comments 
may not be considered.

ADDRESSES: You may submit comments, identified by docket number CISA-
2023-0023, by the following the instructions below for submitting 
comments via the Federal eRulemaking Portal at http://www.regulations.gov.
    Instructions: All comments received must include the words 
``Cybersecurity and Infrastructure Security Agency'' and docket number 
CISA-2023-0023 for this notice. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided. Comments submitted in response to this notice may 
be made available to the public through relevant websites. For this 
reason, please do not include in your comments information of a 
confidential nature, such as sensitive personal information or 
proprietary information. Please note that responses to this public 
comment request containing any routine notice about the confidentiality 
of the communication will be treated as public comments that may be 
made available to the public notwithstanding the inclusion of the 
routine notice.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Amy Nicewick, 703-203-0634, 
[email protected].

SUPPLEMENTARY INFORMATION: The purpose of the Foundational 
Cybersecurity Assessment is to guide State, Local, Territorial, and 
Tribal (SLTT) entities through the first 12-18 months of their 
cybersecurity plan development. The assessment contains 32 questions 
that are aligned to the National Institute of Standards and Technology 
(NIST) Cybersecurity Framework and the Center for internet Security 
(CIS) CIS Critical Security Controls. Although not directly related, at 
least 20 of the questions on the Nationwide Cybersecurity Review (NCSR) 
will be covered by responses to the Foundational Cybersecurity 
Assessment, allowing it to serve as an excellent ``assessment on-ramp'' 
for entities who have not yet been able to tackle and complete the 
NCSR. The entity participating in the Foundational Cybersecurity 
Assessment is positioned to take the NCSR and continue their security 
maturity journey year-over-year following participation in the 
Foundational Cybersecurity Assessment. CISA is authorized to receive 
and analyze cyber threat indicators, defensive measures, cybersecurity 
risks, and incidents, and to use this information to make 
recommendations to federal and non-federal entities regarding 
protective and support measures to reduce cyber risk. See 6 U.S.C. 
659(c)(1),(9); 652(e)(1)(C). The Foundational Assessment implements 
these authorities with respect to CISA's analysis of and support to 
SLTT entities. This is a NEW information collection. OMB is 
particularly interested in comments that:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility.
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used.
    3. Enhance the quality, utility, and clarity of the information to 
be collected.
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    Agency: Department of Homeland Security, Cybersecurity and 
Infrastructure Security Agency.
    Title of Collection: Foundational Cybersecurity Assessment.
    OMB Control Number: 1670-NEW.
    Frequency: Annually.
    Affected Public: State, Local, Tribal, and Territorial entities.
    Number of Respondents for Foundational Assessment: 100.
    Estimated Time per Respondent Respondents for Foundational 
Assessment: 1 hour.
    Total Burden Hours: 100.
    Annualized Respondent Cost: $7,541.
    Total Annualized Respondent Out-of-Pocket Cost: $0.
    Total Annualized Government Cost: $182,459.

Robert J. Costello,
Chief Information Officer, Cybersecurity and Infrastructure Security 
Agency, Department of Homeland Security.
[FR Doc. 2023-26543 Filed 12-1-23; 8:45 am]
BILLING CODE 9110-9P-P