Download:
pdf |
pdfFederal Register / Vol. 90, No. 11 / Friday, January 17, 2025 / Notices
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. CISA–2024–0035]
National Security Telecommunications
Advisory Committee
Cybersecurity and
Infrastructure Security Agency (CISA),
Department of Homeland Security
(DHS).
ACTION: Notice of open Federal advisory
committee meeting; request for
comments.
KHAMMOND on DSK9W7S144PROD with NOTICES
AGENCY:
SUMMARY: CISA is publishing this notice
to announce the President’s National
Security Telecommunications Advisory
Committee (NSTAC) meeting on
February 26, 2025. The public can
access the meeting via teleconference.
DATES: Meeting Registration:
Registration to attend the meeting via
teleconference is required and must be
received no later than 5 p.m. eastern
standard time (EST) on February 24,
2025. For more information on how to
participate, please contact NSTAC@
mail.cisa.dhs.gov.
Speaker Registration: Registration to
speak during the meeting’s public
comment period must be received no
later than 5 p.m. EST on February 19,
2025.
Written Comments: Written comments
must be received no later than 5 p.m.
EST on February 19, 2025.
Meeting Date: The NSTAC will meet
via teleconference on February 26, 2025,
from 2 to 3 p.m. EST. The meeting may
close early if the committee has
completed its business.
ADDRESSES: The NSTAC meeting will be
open to the public, per 41 CFR 102–
3.150 and will be held via
teleconference. For access to the
teleconference, or to request special
assistance, please email NSTAC@
mail.cisa.dhs.gov by 5 p.m. EST on
February 24, 2025. The NSTAC is
committed to ensuring all participants
have equal access regardless of
disability status. If you require a
reasonable accommodation due to a
disability to fully participate, please
contact the individual listed in the FOR
FURTHER INFORMATION CONTACT section
as soon as possible.
Comments: Members of the public are
invited to provide comments on issues
that will be considered by the
committee as listed in the
SUPPLEMENTARY INFORMATION section
below. Associated materials that may be
discussed during the meeting will be
made available for review at https://
www.cisa.gov/nstac prior to the day of
the meeting. Comments should be
VerDate Sep<11>2014
09:31 Jan 17, 2025
Jkt 265001
submitted by 5:00 p.m. EST on February
19, 2025, and must be identified by
Docket Number CISA–2024–0035.
Comments may be submitted by one of
the following methods:
• Federal eRulemaking Portal:
www.regulations.gov. Please follow the
instructions for submitting written
comments.
• Email: NSTAC@mail.cisa.dhs.gov.
Include the Docket Number CISA–2024–
0035 in the subject line of the email.
Instructions: All submissions received
must include the words ‘‘Cybersecurity
and Infrastructure Security Agency’’ and
the Docket Number for this action.
Comments received will be posted
without alteration to
www.regulations.gov, including any
personal information provided. You
may wish to review the Privacy &
Security Notice available via a link on
the homepage of www.regulations.gov.
Docket: For access to the docket and
comments received by the NSTAC,
please go to www.regulations.gov and
enter docket number CISA–2024–0035.
A public comment period is
scheduled to be held during the meeting
from 2:30 to 2:35 p.m. EST. Speakers
who wish to participate in the public
comment period must email NSTAC@
mail.cisa.dhs.gov to register. Speakers
should limit their comments to three
minutes and will speak in order of
registration. Please note that the public
comment period may end before the
time indicated, following the last
request for comments.
FOR FURTHER INFORMATION CONTACT:
Christina Berger, 202–701–6354,
NSTAC@mail.cisa.dhs.gov.
SUPPLEMENTARY INFORMATION: The
NSTAC is established under the
authority of Executive Order (E.O.)
12382, dated September 13, 1982, as
amended by E.O. 13286 and 14048,
continued under the authority of E.O.
14109, dated September 30, 2023.
Notice of this meeting is given under
Federal Advisory Committee Act
(FACA), 5 U.S.C. chapter 10. The
NSTAC advises the President on matters
related to national security and
emergency preparedness (NS/EP)
telecommunications and cybersecurity
policy.
Agenda: The NSTAC will hold a
meeting via teleconference on Tuesday,
February 26, 2025, from 2 to 3 p.m. EST
to discuss current NSTAC activities and
the government’s ongoing cybersecurity
and NS/EP communications initiatives.
This meeting is open to the public and
will include: (1) remarks from the
administration and CISA leadership on
salient NS/EP and cybersecurity efforts;
(2) a status update on the current
PO 00000
Frm 00125
Fmt 4703
Sfmt 4703
5933
NSTAC study; and (3) a deliberation
and vote on the NSTAC Report to the
President on Principles for Baseline
Security Offerings from Cloud Service
Providers.
Dated: January 13, 2025.
Christina Berger,
Designated Federal Officer, National Security
Telecommunications Advisory Committee,
Cybersecurity and Infrastructure Security
Agency, Department of Homeland Security.
[FR Doc. 2025–01193 Filed 1–16–25; 8:45 am]
BILLING CODE 9111–LF–P
DEPARTMENT OF HOMELAND
SECURITY
Agency Information Collection
Activities: Incident Reporting Form
Cybersecurity and
Infrastructure Security Agency (CISA),
Department of Homeland Security
(DHS).
ACTION: 30-day notice and request for
comment; new information collection
request.
AGENCY:
SUMMARY: The Cybersecurity Division
(CSD) within the Cybersecurity and
Infrastructure Security Agency (CISA)
will submit the following information
collection request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance. CISA previously
published this information collection
request (ICR) in the Federal Register on
October 7, 2024, for a 60-day public
comment period. Three (3) comments
were received by CISA. One unrelated
public comment was submitted. The
purpose of this notice is to allow
additional 30-days for public comments.
DATES: Comments will be accepted until
February 18, 2025.
ADDRESSES: Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain. Find this particular
information collection by selecting
‘‘Currently under 30-day Review—Open
for Public Comments’’ or by using the
search function. All submissions
received must include the agency name
‘‘CISA’’ and docket number CISA–2024–
0025.
The Office of Management and Budget
is particularly interested in comments
which:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
whether the information will have
practical utility;
E:\FR\FM\17JAN1.SGM
17JAN1
�KHAMMOND on DSK9W7S144PROD with NOTICES
5934
Federal Register / Vol. 90, No. 11 / Friday, January 17, 2025 / Notices
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques or
other forms of information technology,
e.g., permitting electronic submissions
of responses.
FOR FURTHER INFORMATION CONTACT:
Brian DeWyngaert, 202–297–7639,
brian.dewyngaert@mail.cisa.dhs.gov.
SUPPLEMENTARY INFORMATION: CISA
serves as ‘‘a Federal civilian interface
for the multi-directional and crosssector sharing of information related to
cyber threat indicators, defensive
measures, cybersecurity risks, incidents,
analysis, and warnings for Federal and
non-Federal entities.’’ 6 U.S.C. 659(c)(1).
As such, CISA is responsible for
performing, coordinating, and
supporting response to information
security incidents, which may originate
outside the Federal community and
affect users within it, or originate within
the Federal community and affect users
outside of it. CISA uses the information
from incident reports to develop timely
and actionable information for
distribution to Federal departments and
agencies; State, local, Tribal, and
territorial (SLTT) governments; critical
infrastructure owners and operators;
private industry; and international
organizations. Often, the effective
handling of security incidents relies on
information sharing among individual
users, industry, and the Federal
Government, which may be facilitated
by and through CISA.
Pursuant to the Federal Information
Security Modernization Act of 2014
(FISMA), 44 U.S.C. 3552 et seq., CISA
operates the Federal information
security incident center for the United
States Federal Government. 44 U.S.C.
3556. Federal agencies notify and
consult with CISA regarding
information security incidents involving
Federal information systems. CISA
provides Federal agencies with
technical assistance and guidance on
detecting and handling security
incidents, compiles and analyze
incident information that threatens
information security, informs agencies
of current and potential threats and
vulnerabilities, and provides
intelligence or other information about
VerDate Sep<11>2014
09:31 Jan 17, 2025
Jkt 265001
cyber threats, vulnerabilities, and
incidents to agencies. 44 U.S.C. 3556(a).
CISA also receives incident reports from
non-Federal entities who are reporting
to satisfy existing regulatory, statutory,
and/or contractual requirements.
Finally, CISA receives voluntary
incident reports from non-Federal
entities.
CISA’s website (at https://
www.cisa.gov/) is a primary tool used by
constituents to report incident
information, access information sharing
products and services, and interact with
CISA. Constituents, which may include
anyone or any entity in the public, use
forms located on CISA’s website to
complete these activities. Incident
reports are primarily submitted using
CISA’s current Incident Reporting
Portal, available at https://
www.cisa.gov/forms/report. This
proposed collection instrument will
replace the current form if it is approved
by the Office of Management and
Budget.
By accepting incident reports and
feedback, and interacting among Federal
agencies, industry, the research
community, State and local
governments, and others to disseminate
reasoned and actionable cybersecurity
information to the public, CISA has
provided a way for citizens, businesses,
and other institutions to communicate
and coordinate directly with the Federal
Government about cybersecurity.
Incident reports are collected through
the Incident Reporting Portal, which
enables end users to report incidents
and indicators as well as submit
malware artifacts associated with
incidents to CISA. This information is
used by CISA to conduct analyses and
provide warnings of system threats and
vulnerabilities, and to develop
mitigation strategies as appropriate.
This ICR also requests the user’s name,
email address, organization,
infrastructure sector and sub-sector. The
primary purpose for the collection of
this contact and industry information is
to allow CISA to contact requestors
regarding their report.
In addition to web-based electronic
forms, information may be collected
through email or telephone. These
methods enable individuals, private
sector entities, personnel working at
other Federal or state agencies, and
international entities, including
individuals, companies and other
nations’ governments to submit
information.
This proposed collection of
information will replace CISA’s current
incident reporting form. The questions
included in this proposed new incident
reporting form represent the universe of
PO 00000
Frm 00126
Fmt 4703
Sfmt 4703
all possible questions that CISA may use
for incident report information
collection purposes across the multiple
use cases outlined above. In no
circumstance would a respondent be
presented all the questions in this
proposed collection. In CISA’s Incident
Reporting Portal respondents will be
directed to answer only an applicable
subset of the questions based on the
characteristics of the reporting entity,
the reasons for which they are reporting,
and the nature of the incident. The
dynamic design of the Incident
Reporting Portal means that the user
experience flow from question to
question is driven by the individual
respondent’s responses. No respondent
will be prompted to answer all the
questions included in this package for
review and approval.
This collection of information is
distinct from CISA’s efforts to
implement the Cyber Incident Reporting
for Critical Infrastructure Act of 2022
(CIRCIA) covered cyber incident and
ransom payment reporting
requirements. On April 4, 2024, CISA
published the CIRCIA notice of
proposed rulemaking (NPRM). 89 FR
23644 (Apr. 4, 2024). Among other
aspects of the proposed rulemaking, the
CIRCIA NPRM described the proposed
required content of CIRCIA reports. The
public comment for that NPRM closed
on July 3, 2024, and CISA is currently
reviewing and considering comments as
it develops the CIRCIA final rule.
However, CISA clarifies that reporting
under CIRCIA will not go into effect
until the effective date of the CIRCIA
final rule, which is anticipated to be late
2025 or early 2026.
As described above, the purpose of
this ICR is to replace CISA’s current
Incident Reporting Form (approved
under OMB control number 1670–0037)
which is used to collect incident reports
under CISA’s non-CIRCIA authorities
(including FISMA) or other existing
regulatory, statutory, and/or contractual
requirements that provide for reporting
of incidents to CISA. This collection is
intended to replace the current Incident
Reporting Form, prior to the effective
date of the CIRCIA final rule, with a
revised question set that will enrich the
value and analytical capabilities on the
data collected under these other
incident reporting and information
sharing authorities. In other words,
CIRCIA incident reports will utilize
their own set of questions, rather than
the question set for this information
collection request.
Because this effort is distinct from the
CIRCIA final rule development,
comments submitted in response to this
Federal Register notice will not be
E:\FR\FM\17JAN1.SGM
17JAN1
�Federal Register / Vol. 90, No. 11 / Friday, January 17, 2025 / Notices
considered comments on the CIRCIA
NPRM or otherwise considered as part
of the development of the CIRCIA final
rule. Further, because CISA is still
actively in the process of considering
comments received in response to the
CIRCIA NPRM, this ICR should not be
viewed as indicating how CISA will
resolve such comments as part of the
final rule.
KHAMMOND on DSK9W7S144PROD with NOTICES
CISA Proposed Revisions to This
Collection
CISA proposes to revise this
collection as follows:
• CISA maintains most of the
questions from the 60-day notice,
however, based on comments received,
CISA proposes to streamline and
consolidate some of the originally
proposed questions to reduce burden for
respondents that is derived from the
collection originally proposed during
the 60-day public comment period.
CISA proposes to use a further
streamlined minimum collection set and
augment this minimum set with
questions to address the specific data
collection needs for FISMA, Federal
Risk and Authorization Management
Program (FEDRAMP), or regulations
whose regulators use this information
collection request to collect reporting
information. The dynamic nature of the
information collection request will
allow CISA to use combinations of the
questions, as appropriate, to address
reporting needs based upon the context
of the report. Overall, the revised
question set streamlines and
consolidates previously proposed
questions, accordingly CISA does not
anticipate in increase in burden for this
collection.
Responses to Comments Received
During 60-Day Comment Period
CISA received three comments during
the 60-day public comment period in
response to the information collection
request (ICR) published in the Federal
Register on October 7, 2024.1 89 FR
81097. The three comments received are
summarized below along with CISA’s
response to those comments.
Comment: One commenter suggested
that a common issue among critical
water infrastructure operations is a need
for education on cyberattacks and
resilience strategies based on their
vulnerabilities. To address this concern
and to spot trends affecting these types
1 The unrelated public comment may be viewed
at https://www.regulations.gov/comment/CISA2024-0025-0005. This comment applies to the Cyber
Incident Reporting for Critical Infrastructure Act of
2022 (CIRCIA) covered cyber incident and ransom
payment reporting requirements which is out of
scope of this proposed collection.
VerDate Sep<11>2014
09:31 Jan 17, 2025
Jkt 265001
of entities, the commenter proposed
updating the form to collect information
on affected organizations’ preparedness
for the type of incident reported.
Response: CISA agrees with the
commenter’s suggestion that the
additional data would be a valuable way
to gauge readiness across sectors or
other groups. Further, CISA agrees that
this data will improve CISA’s ability to
draw clearer conclusions about incident
impact trends. Therefore, CISA proposes
to add an additional question to the
collection to gauge across a spectrum
the impacted entity’s readiness level to
handle and respond to the cyber
incident. The new question asks, how
prepared the entity was to handle and
respond to the incident? Answer
choices are [Unprepared, Minimally
Prepared, Moderately Prepared, Well
Prepared] The below are example text
which aims to help entities pick the
correct choice.
1. Unprepared
• No incident response plan: No
documented procedures for handling
cyberattacks.
• Lack of awareness: Employees are
not trained on cybersecurity best
practices or how to identify threats.
• Basic or no security measures:
Weak passwords, outdated software, no
firewall or antivirus protection.
• No backups or disaster recovery
plan: Data loss is a significant risk.
2. Minimally Prepared
• Basic incident response plan: A
rudimentary document outlining basic
steps to take in case of an incident.
• Some security measures: Antivirus
software installed, basic firewall, some
password policies in place.
• Occasional security awareness
training: Employees receive some
training, but it may be infrequent or
inadequate.
• Basic backups: Some data is backed
up, but the process may be inconsistent
or incomplete.
3. Moderately Prepared
• Documented incident response
plan: A comprehensive plan with
defined roles, responsibilities, and
procedures for various incident types.
• Regular security awareness training:
Employees receive regular training on
cybersecurity best practices, phishing
awareness, and incident reporting.
• Robust security measures: Strong
passwords, multi-factor authentication,
up-to-date software, firewalls, intrusion
detection systems, and regular
vulnerability scanning.
• Regular backups and disaster
recovery plan: Data is regularly backed
PO 00000
Frm 00127
Fmt 4703
Sfmt 4703
5935
up and a plan is in place to restore
systems and data in case of a major
incident.
• Incident response team: A
designated team responsible for
handling cyber incidents.
4. Well Prepared
• Advanced incident response plan:
A detailed and regularly tested plan that
includes incident simulation exercises
and post-incident analysis.
• Continuous security awareness
training: Ongoing training and
education to keep employees up to date
on the latest threats and best practices.
• Advanced security measures:
Proactive threat hunting, security
information and event management
(SIEM) systems, advanced malware
protection, and penetration testing.
• Comprehensive backups and
disaster recovery plan: Multiple backup
locations, automated backups, and a
detailed plan for business continuity
and disaster recovery.
• Dedicated incident response team
with external support: A well-trained
internal team with access to external
cybersecurity experts for specialized
assistance.
• Cyber insurance: Coverage for
potential financial losses resulting from
cyber incidents.
Further CISA will add these key terms
as a hover over/tool tip as they relate to
cyber incident preparedness:
• Prevention: Implementing security
measures to prevent incidents from
occurring in the first place.
• Detection: Identifying and detecting
incidents as quickly as possible.
• Response: Taking appropriate
actions to contain the incident,
minimize damage, and restore systems
and data.
• Recovery: Restoring normal
operations and implementing measures
to prevent future incidents.
By understanding these levels of
preparedness, we can assess the entities
current state and identify areas for
improvement to better protect entities
with like preparedness profiles.
Comment: One commenter raised the
role of Domain Name System (DNS)
security logs, Dynamic Host
Configuration Protocol (DHCP) data, and
internet Protocol (IP) address
management log data in incident
response and reporting. The commenter
proposed updating the Data Sharing and
Logging Readiness section of the form so
that respondents could indicate whether
they have current and historical DNS
security data, DHCP log data, and IP
address management log data to share
with CISA.
Response: CISA concurs with this
suggestion and proposes to add the
E:\FR\FM\17JAN1.SGM
17JAN1
�KHAMMOND on DSK9W7S144PROD with NOTICES
5936
Federal Register / Vol. 90, No. 11 / Friday, January 17, 2025 / Notices
recommended language to the Data
Sharing and Logging Readiness section
of the collection.
Comment: One commenter raised that
CISA should reduce the number of
requested fields and the amount of
detail requested in the proposed
collection to reduce burden on
reporters. Specifically, the commenter
suggested that CISA delete or reshape
questions pertaining to: ‘‘Violation of
Law and Policy’’ (i.e., whether the
incident breaches a law or private
industry or policy standard), ‘‘Identify
the impacted users’’ (i.e., the types of
users impacted by the incident), and
‘‘Instance of Impacted Systems’’ (i.e., a
set of questions asking for details on
each impacted system, including system
type, location, and services provided).
Response: CISA partially agrees with
the commenter’s suggestions. As
detailed above, CISA is proposing a
streamlined and consolidated minimum
question set to reduce burden for
respondents that is derived from and
covers the same scope of questions the
collection originally proposed during
the 60-day public comment period.
CISA also agrees that the content
surrounding the ‘‘Violation of Law and
Policy’’ was unnecessary and proposed
removing it from this collection. CISA
agrees in part with the suggestion to
reshape or eliminate the detailed system
information on impacted systems
because it could be overly burdensome,
in some cases, as suggested by the
commentor. When incidents involving
destructive (e.g., ransomware) or denial
effects are reported, the impacted entity
should not be required to provide the
full details for each system, and that like
systems should be grouped together.
However, if specific details of a system
or a group of systems lead and/or
contributed to the destructive or denial
effects experienced by the impacted
entity(ies) then, CISA proposes to
collect those system details and any
associated vulnerabilities. CISA has
updated the proposed collection to
reflect this change. Finally, CISA
partially agrees with the suggestion to
eliminate or reshape the proposed the
Impacted User content in the proposed
collection. CISA has updated the
streamlined question set to query for the
number of impacted users and not the
user type or impact. However, for
entities reporting under FISMA,
FEDRAMP, or entities covered by other
regulations whose regulators who
require it, CISA proposes to ask the
question as proposed in the 60-day
notice. CISA believes that these types of
reporting entities should describe the
data impact differences of internal users
and external users, if both user types
VerDate Sep<11>2014
09:31 Jan 17, 2025
Jkt 265001
had data impacts during the incident, in
the incident description and updated as
appropriate in supplemental reports.
For FISMA, FEDRAMP, and other
regulations, this information is
necessary for the Federal Government to
determine the impact and scale of the
incident, as well as necessary for the
Federal Government to determine the
appropriate response.
This collection of information will not
have a significant economic impact on
a substantial number of small entities.
Based on an average of 26,000
respondents and the current hourly
compensation rates, the burden and cost
estimates are as follows: the burden
hour estimate for an initial report is
52,000 hours and 146,250 hours for
subsequent updates to the initial report.
The annual burden cost is $8,870,611.
The annual Government cost is
$$4,351,162.
Analysis
Agency: Cybersecurity and
Infrastructure Security Agency (CISA),
Department of Homeland Security
(DHS).
Title: Clearance for the Collection of
Information through CISA Reporting
Form.
OMB Number: 1670–NEW.
Frequency: Annually.
Affected Public: State, Local, Tribal,
and Territorial Governments, Private
Sector, and Academia..
Number of Respondents: 26,000
Estimated Time Per Respondent: 3
hours (Initial Report) 7.5 hours
(Updated Report).
Total Burden Hours: 198,250.
Total Annualized Respondent Cost:
$8,870,611.
Total Annualized Government Cost:
$4,351,162.
Robert J. Costello,
Chief Information Officer, Department of
Homeland Security, Cybersecurity and
Infrastructure Security Agency.
[FR Doc. 2025–01165 Filed 1–16–25; 8:45 am]
BILLING CODE 9111–LF–P
DEPARTMENT OF HOMELAND
SECURITY
U.S. Citizenship and Immigration
Services
[CIS No. 2795–25; DHS Docket No. USCIS–
2022–0003]
RIN 1615–ZB91
Extension of the Designation of
Ukraine for Temporary Protected
Status
U.S. Citizenship and
Immigration Services (USCIS),
AGENCY:
PO 00000
Frm 00128
Fmt 4703
Sfmt 4703
Department of Homeland Security
(DHS).
ACTION: Notice of Temporary Protected
Status (TPS) extension.
SUMMARY: Through this notice, the
Department of Homeland Security
(DHS) announces that the Secretary of
Homeland Security (Secretary) is
extending the designation of Ukraine for
Temporary Protected Status (TPS) for 18
months, beginning on April 20, 2025,
and ending on October 19, 2026.
Existing TPS beneficiaries who wish to
extend their status through October 19,
2026, must re-register during the 60-day
re-registration period described in this
notice.
DATES: Extension of Designation of
Ukraine for TPS begins on April 20,
2025, and will remain in effect for 18
months. For registration instructions,
see the Registration Information section
below.
FOR FURTHER INFORMATION CONTACT:
• You may contact Rena´ CutlipMason, Chief, Humanitarian Affairs
Division, Office of Policy and Strategy,
U.S. Citizenship and Immigration
Services, Department of Homeland
Security, by mail at 5900 Capital
Gateway Drive, Camp Springs, MD
20746, or by phone at 240–721–3000.
• For more information on TPS,
including guidance on the registration
process and additional information on
eligibility, please visit the USCIS TPS
web page at https://www.uscis.gov/tps.
You can find specific information about
Ukraine’s TPS designation by selecting
‘‘Ukraine’’ from the menu on the left
side of the TPS web page.
• If you have additional questions
about TPS, please visit https://uscis.gov/
tools. Our online virtual assistant,
Emma, can answer many of your
questions and point you to additional
information on our website. If you
cannot find your answers there, you
may also call our USCIS Contact Center
at 800–375–5283 (TTY 800–767–1833).
• Applicants seeking information
about the status of their individual cases
may check Case Status Online, available
on the USCIS website at uscis.gov, or
visit the USCIS Contact Center at
https://www.uscis.gov/contactcenter.
• You can also find more information
at local USCIS offices, listed on the
USCIS website at https://www.uscis.gov/
about-us/find-a-uscis-office, after this
notice is published.
SUPPLEMENTARY INFORMATION:
Table of Abbreviations
BIA—Board of Immigration Appeals
CFR—Code of Federal Regulations
DHS—U.S. Department of Homeland
Security
E:\FR\FM\17JAN1.SGM
17JAN1
�
| File Type | application/pdf |
| File Modified | 2025-01-17 |
| File Created | 2025-01-17 |