DHS Requests Comments on Cyber Infrastructure Protection Program

The Department of Homeland Security (DHS) has requested a 30-day extension for agency and public comments on the effectiveness of the vulnerability assessment program run by the Cybersecurity and Infrastructure Security Agency (CISA). The extension and message to agencies comes after DHS received no initial comments in the first 60-day period after the request was submitted.

The DHS request for comment cites both a presidential policy directive and the National Infrastructure Protection Plan for the need for a “centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing.” To meet that need, DHS created several programs to conduct voluntary assessments on critical infrastructure facilities.

“These assessments are web-based and are used to collect an organization’s basic, high-level information, and its dependencies. This data is then used to determine a Protective Measures Index (PMI) and a Resilience Measures Index (RMI) for the assessed organization. This information allows an organization to see how it compares to other organizations within the same sector as well as allows them to see how adjusting certain aspects would change their score,” the request explains. “This allows the organization to then determine where best to allocate funding and perform other high-level decision-making processes pertaining to the security and resiliency of the organization.”

Each time a group uses the assessment, they complete a Post-Assessment Questionnaire. The data from the questionnaire is used internally at DHS to improve the programs. While the questionnaire provides some feedback, DHS is requesting additional insight into perception of the program.

The agency is requesting comments to determine (1) whether the proposed collection of information is necessary, (2) the accuracy of the agency's estimate of the burden of the proposed collection of information, (3) the quality, utility, and clarity of the information to be collected, and (4) to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

Comments are due by December 16, 2019.

Posted in Featured News

Print

This Week on FEDtalk

Partnerships to Improve Public Service

Tune in to FEDtalk this week for a discussion on improving public service- from the institutional level to the individual level. Guests from across the federal community will discuss how they work together to build a better public service system.

Read more ...

Hear it from FLEOA

FLEOA Elects New National Officers at Bi-Annual Conference

Last week, the Federal Law Enforcement Officers Association elected the following National Officers at the 25th National Conference held in College Park, Maryland:

Read more ...
FEDagent

FEDagent.com

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2019 FEDagent.com
Hosted by Peak Media Company, LLC