89 FR 225 pgs. 92141-92142 - Revision of a Currently Approved Information Collection for Chemical-Terrorism Vulnerability Information (CVI)
Type: NOTICEVolume: 89Number: 225Pages: 92141 - 92142
Pages: 92141, 92142Docket number: [Docket No. CISA-2024-0023]
FR document: [FR Doc. 2024-27287 Filed 11-20-24; 8:45 am]
Agency: Homeland Security Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF HOMELAND SECURITY
[Docket No. CISA-2024-0023]
Revision of a Currently Approved Information Collection for Chemical-Terrorism Vulnerability Information (CVI)
AGENCY:
Cybersecurity and Infrastructure Security Agency, DHS.
ACTION:
30-Day notice and request for comments; renewal of Information Collection Request (ICR): 1670-0015.
SUMMARY:
The Infrastructure Security Division (ISD) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following Information Collection Request to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. The submission proposes to renew the information collection for an additional three years and to update both the burden estimates and the statutory authority for the information collection. CISA previously published this ICR in the Federal Register on September 13, 2024, for a 60-day public comment period. One unrelated public comment was submitted. 1 The purpose of this notice is to allow additional 30 days for public comments.
Footnotes:
1 ?The unrelated public comment may be viewed at https://www.regulations.gov/comment/CISA-2024-0023-0002.
DATES:
Comments will be accepted until December 23, 2024.
ADDRESSES:
Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain. Find this particular information collection by selecting "Currently under 30-day Review-Open for Public Comments" or by using the search function. All submissions received must include the agency name "CISA" and docket number CISA-2024-0023.
Comments that include trade secrets, confidential commercial or financial information, Chemical-terrorism Vulnerability Information (CVI), 2 Sensitive Security Information (SSI), 3 or Protected Critical Infrastructure Information (PCII)? 4 should be coordinated with the point of contact for this notice provided in the FOR FURTHER INFORMATION CONTACT section.
Footnotes:
2 ?For more information about CVI see 6 CFR 27.400 and the CVI Procedural Manual at www.dhs.gov/publication/safeguarding-cvi-manual.
3 ?For more information about SSI see 49 CFR part 1520 and the SSI Program web page at www.tsa.gov/for-industry/sensitive-security-information.
4 ?For more information about PCII see 6 CFR part 29 and the PCII Program web page at www.dhs.gov/pcii-program.
The Office of Management and Budget is particularly interested in comments which:
1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to be collected; and
4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.
FOR FURTHER INFORMATION CONTACT:
Annie Hunziker Boyer, 703-603-5000, CISARegulations@mail.cisa.dhs.gov .
SUPPLEMENTARY INFORMATION:
The Chemical Facility Anti-Terrorism Standards (CFATS) Program identified and regulated the security of high-risk chemical facilities using a risk-based approach. Pursuant to section 5 of the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (Pub. L. 113-254, as amended by Pub. L. 116-150; 6 U.S.C. 621 note), authorization had been granted for CFATS until July 27, 2023. Congress did not act to reauthorize the program in time and, as such, the authorization expired on July 28, 2023. Therefore, regulations written pursuant to CFATS authority are not currently active. While regulatory text for the CFATS regulation, including information protection requirements, is located in part 27 of title 6 of the Code of Federal Regulations (CFR), the text is inactive due to the lapse in authority.
CISA continues to possess and safeguard the information provided to CISA under the CFATS program prior to the program's lapse in authority on July 28, 2023. CISA also continues to receive requests for these government records and has continued to treat any information previously designated as CVI prior to the July 28, 2023 lapse consistent with the previously established CVI information handling protection regime. As a result, prior to granting access to information safeguarded as CVI, CISA verifies that the requestor is a CVI Authorized User. If that requestor has a need to know but is not a CVI Authorized User, CISA will provide the requestor with CVI training. The requestor then submits an application to become a CVI Authorized User.
CISA is authorized to safeguard information provided to CISA under CFATS prior to July 28, 2023 under 6 U.S.C. 652(e)(1)(J), which grants CISA the authority to safeguard information from unauthorized disclosure and to ensure that the information is handled and used only for the performance of official duties. 5
Footnotes:
5 ?6 U.S.C. 652(e)(1)(J): (J) To ensure that any material received pursuant to this chapter is protected from unauthorized disclosure and handled and used only for the performance of official duties.
[top] It is the Administration's position that CFATS should be reauthorized. However, even without statutory reauthorization, there is both a reason to
The current information collection for the CVI program (IC 1670-0015) will expire on November 30, 2024.
CISA proposes three revisions from the previously approved collection. Specifically, to renew the information collection for an additional three years, increase the loaded average hourly wage rate of respondents from $79.75 to $101.87 based on updated BLS wage and compensation data, and to cite 6 U.S.C. 652(e)(1)(J) as its statutory authority rather than 6 U.S.C. 623.
This process is conducted in accordance with 5 CFR 1320.8.
CISA's Methodology in Estimating the Burden for the Chemical-Terrorism Vulnerability Information Authorization
Number of Respondents
The current information collection estimated that 20,000 respondents submit a request to become a CVI Authorized User Number annually. The table below provides the number of respondents over the past three years ( i.e., Calendar Year (CY) 2020 through CY 2022).
| CY 2020 | CY 2021 | CY 2022 | |
|---|---|---|---|
| Number of Respondents | 11,444 | 12,931 | 14,252 |
Due to past fluctuations and uncertainty regarding the number of future respondents, CISA believes that 20,000 continues to be a reasonable estimate when CFATS is reauthorized. Therefore, CISA proposes to retain the estimated annual number of respondents.
Estimated Time per Respondent
In the current information collection, the estimated time per respondent to prepare and submit a CVI Authorization is 0.50 hours (30 minutes). CISA proposes to retain the estimated time per respondent.
Annual Burden Hours
The annual burden hours for the CVI Authorization is [0.50 hours × 20,000 respondents × 1 response per respondent], which equals 10,000 hours.
Total Capital/Startup Burden Cost
Prior to the expiration of CFATS' statutory authorization, the instrument through which the information was collected electronically was a web interface incorporated into CISA's Chemical Security Assessment Tool (CSAT). Since the lapse, and until reauthorization, the instrument is a PDF form sent via email to respondents. The PDF form is filled out by respondents and returned to CISA via email. When the CFATS program is reauthorized, a web-enabled interface will be made accessible to the public. Thus, for the purposes of this notice, CISA continues to assume there is no annualized capital or start-up costs incurred by respondents for this information collection.
Total Recordkeeping Burden
There are no recordkeeping burden costs incurred by respondents for this information collection.
Total Annual Burden Cost
CISA assumes that respondents are generally Site Security Officers (SSOs), although other types of respondents may also complete this instrument ( e.g., State, and local government employees and contractors). For the purpose of this notice, CISA maintains this assumption. To estimate the total annual burden, CISA multiplied the annual burden of 10,000 hours by the loaded average hourly wage rate of SSOs of $101.87 per hour. 6 Therefore, the total annual burden cost for the CVI Authorization instrument is $1,018,700 [10,000 total annual burden hours × $101.87 per hour].
Footnotes:
6 ?The wage used for an SSO equals that of Managers, All (11-9199), with a load factor of 1.4481 to account for benefits in addition to wages https://www.bls.gov/oes/2023/may/oes119199.htm. The load factor is estimated by dividing total compensation by total wages and salaries for the Management, Professional and Related series ($72/$49.72), which can be found at https://www.bls.gov/news.release/ecec.t04.htm.
Analysis
Agency: Department of Homeland Security, Cybersecurity and Infrastructure Agency, Infrastructure Security Division.
Title: CFATS Chemical-terrorism Vulnerability Information.
OMB Number: 1670-0015.
Instrument: Chemical-terrorism Vulnerability Information Training and Authorized User Application.
Frequency: "On occasion" and "Other".
Affected Public: Business or other for-profit.
Number of Respondents: 20,000 respondents (rounded estimate).
Estimated Time per Respondent: 0.50 hours.
Total Burden Hours: 10,000 annual burden hours.
Total Burden Cost (capital/startup): $0.
Total Recordkeeping Burden: $0.
Total Burden Cost: $1,001,275.
Robert J. Costello,
Chief Information Officer, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency.
[FR Doc. 2024-27287 Filed 11-20-24; 8:45 am]
BILLING CODE 9111-LF-P