AGENCY:

Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

ACTION:

60-Day notice of information collection; request for comment; new collection (request for a new OMB Control Number 1670–NEW).

SUMMARY:

CISA Cybersecurity Division (CSD) submits the following information for a new collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance.

DATES:

Comments are encouraged and will be accepted until February 2, 2024. Submissions received after the deadline for receiving comments may not be considered.

ADDRESSES:

You may submit comments, identified by docket number CISA–2023–0023, by the following the instructions below for submitting comments via the Federal eRulemaking Portal at http://www.regulations.gov.

Instructions: All comments received must include the words “Cybersecurity and Infrastructure Security Agency” and docket number CISA–2023–0023 for this notice. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided. Comments submitted in response to this notice may be made available to the public through relevant websites. For this reason, please do not include in your comments information of a confidential nature, such as sensitive personal information or proprietary information. Please note that responses to this public comment request containing any routine notice about the confidentiality of the communication will be treated as public comments that may be made available to the public notwithstanding the inclusion of the routine notice.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Amy Nicewick, 703–203–0634, CISA.CSD.JCDC_MS-ISAC@cisa.dhs.gov.

SUPPLEMENTARY INFORMATION:

The purpose of the Foundational Cybersecurity Assessment is to guide State, Local, Territorial, and Tribal (SLTT) entities through the first 12–18 months of their cybersecurity plan development. The assessment contains 32 questions that are aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for internet Security (CIS) CIS Critical Security Controls. Although not directly related, at least 20 of the questions on the Nationwide Cybersecurity Review (NCSR) will be covered by responses to the Foundational Cybersecurity Assessment, allowing it to serve as an excellent “assessment on-ramp” for entities who have not yet been able to tackle and complete the NCSR. The entity participating in the Foundational Cybersecurity Assessment is positioned to take the NCSR and continue their security maturity journey year-over-year following participation in the Foundational Cybersecurity Assessment. CISA is authorized to receive and analyze cyber threat indicators, defensive measures, cybersecurity risks, and incidents, and to use this information to make recommendations to federal and non-federal entities regarding protective and support measures to reduce cyber risk. See 6 U.S.C. 659(c)(1),(9); 652(e)(1)(C). The Foundational Assessment implements these authorities with respect to CISA's analysis of and support to SLTT entities. This is a NEW information collection. OMB is particularly interested in comments that:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility.

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used.

3. Enhance the quality, utility, and clarity of the information to be collected.

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.

Analysis

Agency: Department of Homeland Security, Cybersecurity and Infrastructure Security Agency.

Title of Collection: Foundational Cybersecurity Assessment.

OMB Control Number: 1670–NEW.

Frequency: Annually.

Affected Public: State, Local, Tribal, and Territorial entities.

Number of Respondents for Foundational Assessment: 100.

Estimated Time per Respondent Respondents for Foundational Assessment: 1 hour.

Total Burden Hours: 100.

Annualized Respondent Cost: $7,541.

Total Annualized Respondent Out-of-Pocket Cost: $0.

Total Annualized Government Cost: $182,459.