[Federal Register Volume 89, Number 203 (Monday, October 21, 2024)]
[Notices]
[Pages 84183-84184]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-24312]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. CISA-2024-0013]
Agency Information Collection Activities: Incident Reporting Form
and Associated Submission Tools (ICR 1670-0037)
AGENCY: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
ACTION: 30-Day notice and request for comments.
-----------------------------------------------------------------------
SUMMARY: The Cybersecurity Division (CSD) within the Cybersecurity and
Infrastructure Security Agency (CISA) submits the following information
collection request (ICR) to the Office of Management and Budget (OMB)
for review and clearance. CISA previously published this information
collection request (ICR) in the Federal Register on June 26, 2024, for
a 60-day public comment period. CISA received no comments related to
this information collection during the comment period. The purpose of
this notice is to allow additional 30-days for public comments.
DATES: Comments are encouraged and will be accepted until November 20,
2024. Submissions received after the deadline for receiving comments
may not be considered.
ADDRESSES: Written comments and recommendations for the proposed
information collection should be sent within 30 days of publication of
this notice to www.reginfo.gov/public/do/PRAMain. Find this particular
information collection by selecting ``Currently under 30-day Review--
Open for Public Comments'' or by using the search function.
The Office of Management and Budget is particularly interested in
comments which:
1. Evaluate whether the proposed collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of
the proposed collection of information, including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to
be collected; and
4. Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submissions of responses.
FOR FURTHER INFORMATION CONTACT: Brian DeWyngaert; 202-657-1360;
[email protected].
SUPPLEMENTARY INFORMATION: CISA serves as ``a Federal civilian
interface for the multi-directional and cross-sector sharing of
information related to cyber threat indicators, defensive measures,
cybersecurity risks, incidents, analysis, and warnings for Federal and
non-Federal entities.'' 6 U.S.C. 659(c)(1).
CISA is responsible for performing, coordinating, and supporting
response to information security incidents, which may originate outside
the Federal community and affect users within it, or originate within
the Federal community and affect users outside of it. CISA uses the
information from incident reports to develop timely and actionable
information for distribution to federal departments and agencies;
state, local, tribal and territorial (SLTT) governments; critical
infrastructure owners and operators; private industry; and
international organizations. Often, the effective handling of security
incidents relies on information sharing among individual users,
industry, and the Federal Government, which may be facilitated by and
through CISA.
Pursuant to the Federal Information Security Modernization Act of
2014 (FISMA), 44 U.S.C. 3552 et seq., CISA operates the federal
information security incident center for the United States Federal
Government. 44 U.S.C. 3556. Federal agencies notify and consult with
CISA regarding information security incidents involving federal
information systems. CISA provides federal agencies with technical
assistance and guidance on detecting and handling security incidents,
compile and analyze incident information that threatens information
security, inform agencies of current and potential threats and
vulnerabilities, and provide intelligence or other information about
cyber threats, vulnerabilities, and incidents to agencies. 44 U.S.C.
3556(a). CISA also receives voluntary incident reports from non-federal
entities.
CISA's website (at https://www.cisa.gov/) is a primary tool used by
constituents to report incident information, access information sharing
products and services, and interact with CISA. Constituents, which may
include anyone or any entity in the public, use forms located on the
website to complete these activities. Incident reports are primarily
submitted using CISA's internet reporting system, available at https://www.cisa.gov/forms/report. CISA collects cyber threat indicators and
defensive measures in accordance with the requirements of the
Cybersecurity Information Sharing Act of 2015 through CISA's Cyber
Threat Indicator and Defensive Measure Submission System, https://www.cisa.gov/forms/share-indicators. CISA shares cyber threat
indicators and defensive measures it receives with certain federal
entities in an automated and real-time manner. 6 U.S.C. 1504(c).
By accepting incident reports and feedback, and interacting among
federal agencies, industry, the research community, state and local
governments, and others to disseminate reasoned and actionable
cybersecurity information to the public, CISA has provided a way for
citizens, businesses, and other institutions to communicate and
coordinate directly with the Federal Government about cybersecurity.
The information is collected via the following forms:
1. The Incident Reporting Form, DHS Cyber Threat Indicator and
Defensive Measure Submission System, and Malware Analysis Submission
Form enable end users to report incidents and indicators as well as
submit malware artifacts associated with incidents to CISA. This
information is used by DHS to conduct analyses and provide warnings of
system threats and vulnerabilities, and to develop mitigation
strategies as appropriate. These forms also request the user's name,
email address, organization, and infrastructure sector. The primary
purpose for the collection of this information is to allow DHS to
contact requestors regarding their request.
2. The Mail Lists Form enables end users to subscribe to the
National Cyber Awareness System's mailing lists, which deliver the
content of and links to CISA's information sharing products. The user
must provide an email address in order to subscribe or unsubscribe,
though subscribing or unsubscribing are optional. The primary purpose
for the collection of this information is to allow DHS to contact
requestors regarding their request.
3. The Cyber Security Evaluation Tool (CSET) Download Form, which
requests the name, email address, organization, infrastructure sector,
country, and intended use of those seeking to download the CSET. All
requested fields are optional. The primary purpose for the collection
of this information is to allow DHS to contact requestors regarding
their request.
[[Page 84184]]
Web form submission is also used as the collection method for the
other forms listed. In addition to web-based electronic forms,
information may be collected through email or telephone. These methods
enable individuals, private sector entities, personnel working at other
federal or state agencies, and international entities, including
individuals, companies and other nations' governments to submit
information.
This information collection request is a renewal of an existing
collection of information. There are minor changes to the forms,
questions, or other collection instruments. These changes reflect the
addition of questions for reporting purposes. With this renewal, CISA
is replacing the current Advanced Malware Analysis Capability (AMAC)
submission form with the Malware Analysis Submission Form (``Malware
Next-Gen''), but that form's questions will not change. CISA is also
updating the Incident Reporting Form by removing one question,
modifying some of the existing questions, and adding questions in order
to both improve user experience and help the agency efficiently
categorize incident reporting data. To review the developmental digital
copy of this updated information collection, please contact the POC
listed above in this notice request.
This collection of information will not have a significant economic
impact on a substantial number of small entities. Due to increases in
wage rates, the changes to the collection since the previous OMB
approval include updated burden and cost estimates. The annual burden
cost increased by $42,540, from $543,401 to $585,941. The annual
government cost increased by $610,548, from $1,886,112 to $2,496,660.
Analysis
Agency: Cybersecurity and Infrastructure Security Agency (CISA),
Department of Homeland Security (DHS).
Title: Agency Information Collection Activities: Incident Reporting
Form and Associated Submission Tools.
OMB Number: 1670-0037.
Frequency: Annually.
Affected Public: State, Local, Tribal, and Territorial Governments,
Private Sector, and Academia.
Number of Respondents: 139,125.
Estimated Time per Respondent: 0.3333 hours, 0.1667 hours, or
0.0167 hours.
Total Burden Hours: 13,852 hours.
Total Annual Burden Cost: $585,941.
Total Government Burden Cost: $2,496,660.
Robert J. Costello,
Chief Information Officer, Department of Homeland Security,
Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-24312 Filed 10-18-24; 8:45 am]
BILLING CODE 9111-LF-P