OMB Control No.: 1670-NEW
Expiration Date: XX/XX/XXXX
Protected Critical Infrastructure Information (PCII) Officer Self-Assessment Questionnaire
The purpose of this mandatory questionnaire is to satisfy the self-assessment requirements mandated in 6 C.F.R. § 29.4 (4) (d) “Responsibilities of PCII Officers” of the Final Rule and Section 12.2.2 “Self-Inspection” of the PCII Program Procedures Manual dated April 2009. The primary focus is to establish and maintain an ongoing self-assessment program to include periodic review and assessment of compliance with handling, use and storage of PCII. Each of the below sections are specific to the PCII Officer’s responsibilities as defined in Section 2.1 of the Manual and the PCII Memorandum of Agreement (MOA) signed by the PCII Program Manager and the Officer’s accredited entity.
We appreciate your comments and findings in the open text boxes. However, please do not list names or other personally identifiable information on the form.
Paperwork Burden Notice:
The public reporting burden to complete this information collection is estimated at 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and the completing and reviewing the collected information. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number and expiration date. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to DHS/National Protection and Programs Directorate/Office of Infrastructure Protection, PCII Program, [email protected], ATTN: PRA 1670-NEW.
Accredited Entity:
|
Date(s) of Assessment:
|
Section 1: PCII Authorized Users |
Log into PCIIMS and assess the users within your entity. |
Q1: Do you periodically verify the status of every user to ensure each has completed Authorized User Training, still has a need-to-know and is still currently involved in homeland security duties? Have you come across any users who may not be part of your entity or not directly/indirectly overseen by you, if so, how do you determine their need for access to PCII? |
Comments/Findings:
|
Q2: How many employees are employed at your entity? How many of those employees, not currently in PCIIMS, may access PCII at some point? Have you encouraged those employees to register in PCIIMS and complete the PCII Authorized User Training? |
Comments/Findings:
|
Q3: Do you have contractors with access to PCII? If yes, have their contracts been modified to include PCII language? |
Comments/Findings:
|
Q4: Do you use the Contractor Certification Memorandum for the Record when certifying contractors? If not, how do you certify contractors? |
Comments/Findings:
|
Section 2: Safeguarding PCII |
Locate a hard or soft copy of PCII. |
Q5: If applicable, was the PCII hard copy physically stored in a lockable area? |
Comments/Findings:
|
Q6: Does the PCII carry the PCII header and footer? Does the PCII have a PCII cover sheet with the Submission Identification Number? |
Comments/Findings:
|
Q7: If possible, locate an email containing PCII. Was the email properly marked in the subject line and the body of the email? Are your users aware that they may only send PCII by email via a password-protected attachment with the password sent in a separate email with no subject? |
Comments/Findings:
|
Section 3: Dissemination and Use of PCII |
Q8: Do you disseminate PCII to other users? Do you track the dissemination of PCII? If yes, what tracking methods do you use?
|
Comments/Findings:
|
Q9: What procedures does your entity have in place when PCII is discussed in a meeting with PCII and non-PCII users? |
Comments/Findings:
|
Q10: Have you created any derivative work products containing original PCII? If yes, please describe. Who have you shared them with? |
Comments/Findings:
|
Q11: Has there been any suspected unauthorized disclosure, misuse or loss of PCII? If yes, please describe the situation. Do the authorized users within your entity know to inform you or the DHS PCII Program of an unauthorized disclosure or misuse of PCII? |
Comments/Findings:
|
Q12: In the past year, have you received a request from Congress, a state legislature or a state/local oversight agency for PCII and/or data related to PCII usage? Have you handled any requests for information under state and local disclosure laws? If yes, please describe. |
Comments/Findings:
|
Section 4: PCII Program Outreach and Participation |
Q13: Have you performed any PCII outreach activities with the user or submitter community within your area? If yes, please describe. |
Comments/Findings:
|
Q14: Have you reached out to other PCII accredited entities to determine how they run their state PCII program? What types of information would you like to learn from other state officers? |
Comments/Findings:
|
Q15: Is there any support you would like to receive from the PCII Program that you are currently not receiving? If yes, please describe. |
Comments/Findings:
|
Instructions:
Please submit the completed questionnaire via e-mail to the PCII Program at [email protected].
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | joseph.maltby |
| File Modified | 0000-00-00 |
| File Created | 2021-01-28 |