Extension without change of a currently approved collection
No
Regular
08/23/2021
Requested
Previously Approved
36 Months From Approved
09/30/2021
3,000
3,000
9,000
9,000
0
0
Security vulnerabilities, defined in
section 102(17) of the Cybersecurity Information Sharing Act of
2015, are any attribute of hardware, software, process, or
procedure that could enable or facilitate the defeat of a security
control. Security vulnerability mitigation is a process starting
with discovery of the vulnerability leading to applying some
solution to resolve the vulnerability. There is constantly a search
for security vulnerabilities within information systems, from
individuals or nation states wishing to bypass security controls to
gain invaluable information, to researchers seeking knowledge in
the field of cyber security. Bypassing such security controls in
the DHS and other Federal agencies' information systems can cause
catastrophic damage, including but not limited to loss of Personally
Identifiable Information (PII), sensitive information gathering,
and data manipulation. Pursuant to section 101 of the Strengthening
and Enhancing Cyber-capabilities by Utilizing Risk Exposure
Technology Act (commonly known as the SECURE Technologies Act),
individuals, organizations, and/or companies may submit any
discovered security vulnerabilities found associated with the
information system of any Federal agency. This collection would be
used by these individuals, organizations, and/or companies who
choose to submit a discovered vulnerability found associated with
the information system of any Federal agency. Pub. L. 116-283, Sec.
1705 (which amended 44 U.S.C. § 3553) permits extensive sharing of
information regarding cybersecurity and the protection of
information and information systems from cybersecurity risks
between Federal Agencies covered by the Federal Information
Security Modernization Act and the Department of Homeland Security.
This unique authority makes DHS well positioned to host the
approval of this information collection on behalf of other Federal
agencies. DHS is requesting, pursuant to 44 US Code 3554(a)(1)(B),
that the information collection be designated for any Federal
agency's ability to utilize the standardized DHS online form to
collect their own agency's vulnerability information and post the
information on their own agency websites.
US Code: 44 USC 3509 Name of Law: Designation of central collection agency
PL: Pub.L. 116 - 283 1705 Name of Law: William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021
PL: Pub.L. 115 - 390 101 Name of Law: Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act
US Code: 44 USC 3554(a)(1)(B) Name of Law: Information Security-Federal Agency Responsibilities
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.