Agency Information Collection Activities; Proposals, Submissions, and Approvals: Cybersecurity and Infrastructure Security Agency Gateway User Registration

Agency Information Collection Activities: CISA Gateway User Registration

Dates

Comments are due by June 24, 2024. Submissions received after the deadline for receiving comments may not be considered.

Supplementary Information

The Homeland Security Presidential Directive-7, Presidential Policy Directive-21, and the National Infrastructure Protection Plan highlight the need for a centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing. The Critical Infrastructure Information Act of 2002 and Title 6 Code of Federal Regulation part 29 direct an information protection program and a system to record the receipt, acknowledgement, and validation of submitted critical infrastructure information (CII), as well as storage, dissemination, and destruction of original Protected Critical Infrastructure Information (PCII). To support these missions, the DHS CISA ISD developed the CISA Gateway and the Protected Critical Infrastructure Information Management System (PCIIMS). The CISA Gateway and PCIIMS contain several capabilities which support the homeland security mission in the area of critical infrastructure (CI) and information protection.

The purpose of this collection is to gather the details pertaining to the users of the CISA Gateway and PCIIMS for the purpose of creating accounts to access the CISA Gateway and PCIIMS. This information is also used to verify a need to know to access the CISA Gateway and PCIIMS. After being vetted and granted access, users are prompted and required to take an online training course upon first logging into the system. After completing the training, users are permitted full access to the systems. In addition, this collection will gather feedback from the users of the CISA Gateway to determine any future system improvements.

The information gathered will be used by the CISA Gateway Program Management Team and the PCII Program Office for PCIIMS to vet users for a need to know and grant access to the system. For the CISA Gateway, as part of the registration process, users are required to take a one-time online training course. When logging into the system for the first time, the system prompts users to take the training courses. Users cannot opt out of the training and are required to take the course in order to gain and maintain access to the system. When users complete the training, the system automatically logs that the training is complete and allows full access to the system. For PCIIMS, after registration and vetting, users are directed to take PCII Authorized User training, which must be retaken annually to maintain their active status.

The collection of information uses automated electronic forms. During the online registration process, there is an electronic form used to create a user account and an online training course required to grant access.

The collection was initially approved on October 9, 2007, and the most recent approval was on December 19, 2023, with an expiration date of June 30, 2024. The changes to the collection since the previous OMB approval include; updating the title of the collection, decrease in burden estimates and decrease in costs The total annual burden cost for this collection has changed by $3,096.40, from $4,128 to $7,224.40 due to the removal of the utilization survey, and the addition of PCIIMS respondents. For the CISA Gateway, the total number of responses has increased from 350 to 700 due to the updated metrics resulting from the awareness campaign and due to the registration process changing which does not include the training registration. The annual government cost for this collection has changed by $8,340.92 from $5,723 to $14,063.92 due to the removal of the utilization survey, and the addition of PCIIMS respondents. The This is a renewal with changes of an information collection.

OMB is particularly interested in comments that:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

3. Enhance the quality, utility, and clarity of the information to be collected; and

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.

Analysis

Agency: Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS).

Title of Collection: CISA Gateway User Registration.

OMB Control Number: 1670-0009.

Frequency: Annually.

Affected Public: State, Local, Tribal, and Territorial Governments and Private Sector Individuals.

Number of Annualized Respondents: 700.

Estimated Time Per Respondent: 0.167 hours for Registration, 0.167 hours for Training.

Total Annualized Burden Hours: 116.679 hours.

Total Annualized Respondent Opportunity Cost: $7,224.40.

Total Annualized Respondent Out-of-Pocket Cost: $0.

Total Annualized Government Cost: $14,063.92.