Defense Industrial Base Cyber Security/Information Assurance (DIB CS/IA) Cyber Incident Reporting

ICR 201507-0704-001

OMB: 0704-0489

Federal Form Document

⚠️ Notice: This information collection may be outdated. More recent filings for OMB 0704-0489 can be found here:

Forms and Documents

Document Name	Status
DCIO 01.doc Supplementary Document	2015-08-24
Tab K_DIB CSIA PIA_Final_7JAN15.pdf Supplementary Document	2015-07-02
Tab F_Supt Statmt OMB83 cyber incident reporting 0704-0489.doc Supporting Statement A	2015-08-24

IC Document Collections

IC ID	Document Title	Status
200868	Defense Industrial Base Cyber Security/Information Assurance (DIB CS/IA) Cyber Incident Reporting Instruction	Modified

ICR Details

OMB Control No: 0704-0489	ICR Reference No: 201507-0704-001
Status: Historical Active	Previous ICR Reference No: 201309-0704-001
Agency/Subagency: DOD/DODDEP	Agency Tracking No:
Title: Defense Industrial Base Cyber Security/Information Assurance (DIB CS/IA) Cyber Incident Reporting
Type of Information Collection: Revision of a currently approved collection	Common Form ICR: No
Type of Review Request: Emergency	Approval Requested By: 10/30/2015
OIRA Conclusion Action: Approved with change	Conclusion Date: 10/05/2015
Retrieve Notice of Action (NOA)	Date Received in OIRA: 07/02/2015
Terms of Clearance: This collection is approved based on the revised materials provided by the Department for 6 months only. If DOD plans to use the revised collection longer than 6 months, the Department needs to resubmit the collection.

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	04/30/2016	6 Months From Approved	11/30/2016
Responses	50,000	0	1,250
Time Burden (Hours)	250,000	0	8,750
Cost Burden (Dollars)	10,255,000	0	306,250

Abstract: DoD is proposing a revision to 32 CFR Part 236 to update voluntary reporting and address reporting of cyber incidents on unclassified networks or information systems by DoD contractors under non-contract types of agreements including grants, cooperative agreements and non-procurement transactions. The revision will facilitate mandatory cyber incident reporting requirements in accordance with statutory regulations.

Emergency Justfication: This is tied to a Interim Final Rule.

Authorizing Statute(s): US Code: 10 USC 2224 Name of Law: null

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
0790-AJ29	Final or interim final rulemaking	80 FR 59581	10/02/2015

Federal Register Notices & Comments
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 1

IC Title	Form No.	Form Name
Defense Industrial Base Cyber Security/Information Assurance (DIB CS/IA) Cyber Incident Reporting

ICR Summary of Burden

	Total Approved	Previously Approved	Change Due to Agency Discretion
Annual Number of Responses	50,000	1,250	48,750
Annual Time Burden (Hours)	250,000	8,750	241,250
Annual Cost Burden (Dollars)	10,255,000	306,250	9,948,750

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: The increase in burden is due to an increase in the number of respondents.

Annual Cost to Federal Government: $12,306,000

Does this IC contain surveys, censuses, or employ statistical methods? No

Is the Supporting Statement intended to be a Privacy Impact Assessment required by the E-Government Act of 2002? No

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? Uncollected

Agency Contact: Frederick Licari 571 372-0493 [email protected]

Common Form ICR: No