eLaws | eCases | United States Code | Federal Courts |
 Code of Federal Regulations (Last Updated: July 5, 2024)
 Title 6 - Domestic Security
 Chapter I - Department of Homeland Security, Office of the Secretary
 Part 29 - Protected Critical Infrastructure Information

§ 29.1 - Purpose and scope.  

Latest version.

  • § 29.1 Purpose and scope.

    (a) Purpose of this part. This part implements sections 211 through 215 of the Homeland Security the Critical Infrastructure Information Act of 2002 (HSA) through the establishment of CII Act) by establishing uniform procedures for the receipt, care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the Department of Homeland Security (DHS). Title II, Subtitle B, of the Homeland Security Act is referred to herein as the Critical Infrastructure Information Act of 2002 (CII Act). through CISA. Consistent with the statutory mission of DHS to prevent terrorist attacks within the United States and reduce the vulnerability of the United States to terrorism, DHS CISA will encourage the voluntary submission of CII by safeguarding and protecting that information from unauthorized disclosure and by ensuring that such information is, as necessary, securely shared with State and local government Local governments pursuant to section 214(a) through (g) of the CII Act. As required by the CII Act, these rules establish this part establishes procedures regarding:

    (1) The acknowledgement acknowledgment of receipt by DHS CISA of voluntarily submitted CII;

    (2) The receipt, validation, handling, storage, proper marking, and use of information as PCII;

    (3) The safeguarding and maintenance of the confidentiality of such information , and appropriate sharing of such information with State and local Local governments or government agencies pursuant to section 2146 U.S.C. 673(a) through (g1) of the HSA.

    (

    (E); and

    (4) The issuance of advisories, notices, and warnings related to the protection of critical infrastructure or protected systems in such a manner as to protect, as appropriate, from unauthorized disclosure the source of critical infrastructure information that forms the basis of the warning, and any information that is proprietary or business sensitive, might be used to identify the submitting person or entity, or is otherwise not appropriately in the public domain.

    (b) Scope. The regulations in this part apply This part applies to all persons and entities that are authorized to handle, use, or store PCII , or that otherwise accept receipt of PCII.