[Federal Register Volume 89, Number 119 (Thursday, June 20, 2024)]
[Notices]
[Pages 51892-51894]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-13471]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. CISA-2024-0016]
Agency Information Collection Activities: National Initiative for
Cybersecurity Careers and Studies Cybersecurity Education and Training
Catalog Collection
AGENCY: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
ACTION: 60-Day notice and request for comments; revised information
collection request: 1670-0030.
-----------------------------------------------------------------------
SUMMARY: NICCS within CISA will submit the following Information
Collection Request (ICR) to the Office of Management and Budget (OMB)
for review and clearance.
DATES: Comments are encouraged and will be accepted until August 19,
2024. Submissions received after the deadline for receiving comments
may not be considered.
ADDRESSES: You may submit comments, identified by docket number CISA-
2024-0016, at: Federal eRulemaking Portal: http://www.regulations.gov.
Please follow the instructions for submitting comments.
Instructions: All submissions received must include the agency name
and docket number CISA-2024-0016. All comments received will be posted
without change to http://www.regulations.gov, including any personal
information provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Shannon Nguyen, 703-705-6246,
[email protected].
SUPPLEMENTARY INFORMATION: The Cybersecurity and Infrastructure
Security Agency (CISA) Office of the Chief Learning Officer (OCLO)
National Initiative for Cybersecurity Careers and Studies (NICCS)
Training Catalog Batch Data seeks to collect information from
organizations and academic institutions regarding their course specific
technical information to NICCS regarding how their training courses map
to the National Initiative for Cybersecurity (NICE) Workforce Framework
for Cybersecurity (NICE Framework) Specialty Areas.
The NICCS website is a national online resource for cybersecurity
awareness, education, talent management, and professional
[[Page 51893]]
development and training. Its mission is to provide comprehensive
cybersecurity resources to the public.
To promote cybersecurity education, and to provide a comprehensive
resource for the Nation, NICCS developed the Cybersecurity Training and
Education Catalog. The NICCS Education and Training Catalog is a
central location to help cybersecurity professionals of all skill
levels find cybersecurity-related courses online and in person across
the nation. All of the courses are aligned to the specialty areas of
The Workforce Framework for Cybersecurity (NICE Framework).
Organizations and or academic institution interested in listing courses
with NICCS are requested to complete a vendor vetting process in order
to be considered for inclusion in the NICCS education and Training
Catalog. Once approved, organizations and academic institutions are
asked to provide technical information (``training catalog batch
data'') to NICCS regarding how their training courses map to the
National Initiative for Cybersecurity Education (NICE) Workforce
Framework for Cybersecurity (NICE Framework) Specialty Areas. Course
mapping to these Specialty Areas allows users to tailor their
individual coursework and is dependent upon the training catalog batch
data to do so. The training catalog batch data is technical in nature,
is not privacy sensitive, and does not include personally identifiable
information. The training catalog batch data is submitted to the CISA
NICCS Supervisory Office (SO) for review. Then upon further review and
approval, the organization/academic institution's course is listed in
the NICCS Education and Training Catalog.
The cyber-specific authorities to receive such information support
the Department's general authority to receive information from any
federal or non-federal entity in support of the mission
responsibilities of the Department. Section 201 of the Homeland
Security Act authorizes the Secretary ``[t]o access, receive, and
analyze law enforcement information, intelligence information, and
other information from agencies of the Federal Government, State and
local government agencies (including law enforcement agencies), and
private sector entities, and to integrate such information, in support
of the mission responsibilities of the Department.'' 6 U.S.C.
121(d)(1); see also 6 U.S.C. 121(d)(12). The following authorities also
permit DHS to collect this information: Federal Information Security
Management Act of 2002 (FISMA), 44 U.S.C. 3546; Presidential Policy
Directive (PPD)-21, Critical Infrastructure Identification,
Prioritization, and Protection (2003); and National Security
Presidential Directive (NSPD)-54/HSPD-23, Cybersecurity Policy (2009).
Note: Any information received from the public in support of the
NICCS Cybersecurity Training and Education Catalog is completely
voluntary. Organizations and individuals who do not provide information
can still utilize the NICCS website and Catalog without restriction or
penalty. An organization or individual who wants their information
removed from the NICCS website and/or Cybersecurity Training and
Education Catalog can email the NICCS Supervisory Office. There are no
requirements for a provider to fill out a specific form for their
information to be removed; standard email requests will be honored.
The Office of Management and Budget is particularly interested in
comments which:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
Analysis
CISA OCLO seeks to utilize four separate forms in order to collect
the requested information from organizations and academic institutions.
CISA OCLO will use the NICCS Cybersecurity Training Course Form and the
NICCS Cybersecurity Certification Form to collect information via a
publicly accessible website called the National Initiative for
Cybersecurity Careers and Studies (NICCS) website (https://niccs.cisa.gov). Collected information from these two forms will be
included in the Cybersecurity Training and Education Catalog that is
hosted on the NICCS website. Requested information categories in these
forms include the training providers name, course title, course
description, course length, course modality, among other course
information useful for users.
The NICCS Supervisory Office will use information collected from
the NICCS Vendor Vetting Form to primarily manage communications with
the training/workforce development providers; this collected
information will not be shared with the public and is intended for
internal use only. Additionally, this information will be used to
validate training providers before uploading their training and
certification information to the Training Catalog. Requested
information in the NICCS Vendor Vetting form include vendor name,
address, points of contact and a few multiple-choice questions to
ensure they are a legitimate business.
The NICCS Supervisory Office will use information collected from
the NICCS Mapping Tool Form to provide an end user with information of
how their position or job title aligns to the new Cybersecurity
Framework 1.1. This collection of inputs and output (in the form of a
report) will be savable by the end user on their computer to be
uploaded at a later time for further use if required. This collected
information will not be shared with the public and is intended for
internal use only. Requested information in the NICCS Mapping form
include: Selecting various work roles (based on the NICE Framework),
selecting tasks required for that work role, and including job
description details.
The information will be collected via fully electronic web forms or
partially electronic via email. Collection will be coordinated between
the public and NICCS via email.
The following forms are fully electronic:
NICCS Vendor Vetting Web Form
NICCS Cybersecurity Training Course Web Form
NICCS Mapping Tool Web Form
The following forms are partially electronic:
NICCS Certification Course Form
All information collected from the NICCS Cybersecurity Training
Course Web Form, and the NICCS Certification Course Form will be stored
in the public accessible NICCS Cybersecurity Training and Education
Catalog (https://niccs.cisa.gov/education-training/catalog).
The NICCS Supervisory Office will electronically store information
collected via the NICCS Vendor Vetting Form. This information collected
will not be publicly accessible. Information collected for the NICCS
Certification Course Form is collected via email in a
[[Page 51894]]
CSV format, and then compiled by the NICCS staff for upload to the
NICCS Education and Training Catalog.
Information collected by the NICCS Mapping Tool is not being stored
by NICCS. The information collected will not be publicly accessible.
Users have the option of saving their input and results to be used at a
later time, and the information would only be stored the user's device.
Analysis
Agency: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
Title: National Initiative for Cybersecurity Careers and Studies
Cybersecurity Education and Training Catalog Collection.
OMB Number: 1670-0030.
Frequency: Annually.
Affected Public: General Public.
Number of Respondents: 500.
Estimated Time per Respondent: 0.775 Hours.
Total Burden Hours: 387.5.
Annualized Respondent Cost: $24,482.
Total Annualized Respondent Out-of-Pocket Cost: $0.
Total Annualized Government Cost: $161,490.
Robert J. Costello,
Chief Information Officer, Department of Homeland Security,
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-13471 Filed 6-18-24; 8:45 am]
BILLING CODE 9111-LF-P