CISA is responsible for performing,
coordinating, and supporting response to information security
incidents, which may originate outside the Federal community and
affect users within it, or originate within the Federal community
and affect users outside of it. Often, therefore, the effective
handling of security incidents relies on information sharing among
individual users, industry, and the Federal Government, which may
be facilitated by and through CISA. Per the Federal Information
Security Modernization Act of 2014, CISA operates the Federal
in-formation security incident center for the United States federal
government. Each federal agency is required to notify and consult
with CISA regarding information security incidents involving
federal information systems. Additional entities report incident
information to CISA voluntarily. CISA’s website (at US-CERT.gov) is
a primary tool used by constituents to report incident
in-formation, access information sharing products and services, and
interact with CISA. Constituents, which may include anyone or any
entity in the public, use forms located on the website to complete
these activities.
US Code:
44
USC 3556 Name of Law: Federal Information Security Incident
Center
US Code: 44
USC 3553 Name of Law: Authority and Functions of the Director
and the Secretary
US Code: 6 USC
1504 Name of Law: Sharing of cyber threat indicators and
defensive measures with the Federal Government
US Code: 44
USC 3554 Name of Law: Information Security
PL:
Pub.L. 113 - 283 2(d) Name of Law: Federal Information
Security
US Code: 6 USC
659 Name of Law: National cybersecurity and communications
integration center
This is a revision to an
existing form. The changes to the collection since the previous OMB
approval include: updating the name of the Agency from NPPD to
CISA, updating the Incident Reporting Form, removing the ICSJWG
Form, and updating the burden and cost estimates. The Incident
Reporting Form was updated to add reporting options; and updated to
improve user-friendliness by having the form be directional. The
changes include: adding structured, distinct options for reporting
incidents, major incidents, breaches, and events under
investigation; and adding fields to collect expanded information on
topics including attack vectors, indicators of compromise,
communications from compromised systems, critical infrastructure
sectors, memory captures, system and network logs, and unattributed
cyber intrusions. Based on an increased number of respondents, the
revisions to the form, and the updated hourly compensation rates,
the burden and cost estimates have increased. The burden hour
estimates increased by 7,713 hours, from 6,139 hours to 13,851
hours. The annual government cost increased by $1,592,127, from
$506,956 to $2,099,083.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.