DHS Requests Comments on Cyber Infrastructure Protection Program

The Department of Homeland Security (DHS) has requested a 30-day extension for agency and public comments on the effectiveness of the vulnerability assessment program run by the Cybersecurity and Infrastructure Security Agency (CISA). The extension and message to agencies comes after DHS received no initial comments in the first 60-day period after the request was submitted.

The DHS request for comment cites both a presidential policy directive and the National Infrastructure Protection Plan for the need for a “centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing.” To meet that need, DHS created several programs to conduct voluntary assessments on critical infrastructure facilities.

“These assessments are web-based and are used to collect an organization’s basic, high-level information, and its dependencies. This data is then used to determine a Protective Measures Index (PMI) and a Resilience Measures Index (RMI) for the assessed organization. This information allows an organization to see how it compares to other organizations within the same sector as well as allows them to see how adjusting certain aspects would change their score,” the request explains. “This allows the organization to then determine where best to allocate funding and perform other high-level decision-making processes pertaining to the security and resiliency of the organization.”

Each time a group uses the assessment, they complete a Post-Assessment Questionnaire. The data from the questionnaire is used internally at DHS to improve the programs. While the questionnaire provides some feedback, DHS is requesting additional insight into perception of the program.

The agency is requesting comments to determine (1) whether the proposed collection of information is necessary, (2) the accuracy of the agency's estimate of the burden of the proposed collection of information, (3) the quality, utility, and clarity of the information to be collected, and (4) to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

Comments are due by December 16, 2019.

Posted in Featured News


This Week on FEDtalk

Fellows Moving Government Forward

Tune in to FEDtalk this week to hear about the fellowships bringing innovation and technology skills to government. Guests from fellowships impacting the legislative and executive branches will discuss how they bring new skills to government.

Read more ...

Hear it from FLEOA

FLEOA Successfully Advocates for Change to Michigan LEOSA Policy

On Tuesday, FLEOA President Larry Cosme issued a letter on Michigan LEOSA policy.  The full text of the statement is below.

Read more ...


The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2020 FEDagent.com
Hosted by Peak Media Company, LLC