Vulnerability Discovery Program

ICR 202103-1601-001

OMB: 1601-0028

Federal Form Document

Forms and Documents
Document
Name
Status
Supplementary Document
2021-03-04
Supplementary Document
2021-03-03
Supplementary Document
2021-03-03
Supplementary Document
2020-02-13
Supporting Statement A
2021-03-03
IC Document Collections
IC ID
Document
Title
Status
239958 Modified
ICR Details
1601-0028 202103-1601-001
Active 202002-1601-001
DHS/OS
Vulnerability Discovery Program
Revision of a currently approved collection   No
Emergency 03/04/2021
Approved with change 03/04/2021
Retrieve Notice of Action (NOA) 03/04/2021
  Inventory as of this Action Requested Previously Approved
09/30/2021 6 Months From Approved 08/31/2021
3,000 0 3,000
9,000 0 9,000
0 0 0

The collection of this information regarding security vulnerabilities discovered by individuals, organizations, and companies is needed to fulfil the congressional mandate in Section 101 of the SECURE Technologies Act regarding a Vulnerability Disclosure Policy. In addition, without the ability to collect information on newly discovered security vulnerabilities in DHS and other Federal Agency information systems.
DHS and Federal cybersecurity agencies are working to address the recently discovered SolarWinds hack on Federal agencies and organizations around the world. While DHS had previously obtained approval to collect this information on its own behalf, recent cyber attacks exploiting vulnerabilities have exemplified the need to have this capability government-wide. In 2020, a major cyberattack, nicknamed the SolarWinds cyberattack, by a group backed by a foreign government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

None
None

Not associated with rulemaking

No

1
IC Title Form No. Form Name
Vulnerability Discovery Program

| | Total Approved | Previously Approved | Change Due to New Statute | Change Due to Agency Discretion | Change Due to Adjustment in Estimate | Change Due to Potential Violation of the PRA |
|---|---|---|---|---|---|---|
| Annual Number of Responses | 3,000 | 3,000 | 0 | 0 | 0 | 0 |
| Annual Time Burden (Hours) | 9,000 | 9,000 | 0 | 0 | 0 | 0 |
| Annual Cost Burden (Dollars) | 0 | 0 | 0 | 0 | 0 | 0 |
No
No

$863,730
No
    No
    Yes
No
No
No
No
Tyrone Huff 202 447-0106

  No

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
03/04/2021

