View Information Collection Request (ICR) Package

OMB Control No: 1670-0009	ICR Reference No: 202312-1670-001
Status: Historical Active	Previous ICR Reference No: 201911-1670-001
Agency/Subagency: DHS/CISA	Agency Tracking No: PRA-ISD-00001301
Title: CISA Gateway User Registration
Type of Information Collection: Reinstatement with change of a previously approved collection	Common Form ICR: No
Type of Review Request: Emergency	Approval Requested By: 12/19/2023
OIRA Conclusion Action: Approved without change	Conclusion Date: 12/19/2023
	Date Received in OIRA: 12/19/2023
Terms of Clearance:

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	06/30/2024	6 Months From Approved
Responses	200	0	0
Time Burden (Hours)	67	0	0
Cost Burden (Dollars)	0	0	0

Abstract: The Presidential Policy Directive-21 (PPD-21) (2013) and the National Infrastructure Protection Plan (NIPP) (2013) (Public Law 107-296) highlight the need for a centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing. To support this mission need, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has developed the IP Gateway. The IP Gateway contains several capabilities which support the homeland security mission in the area of critical infrastructure (CI) protection. The purpose of this collection is to gather the details pertaining to the users of the IP Gateway for the purpose of creating accounts to access the IP Gateway. This information is also used to verify a need to know to access the IP Gateway. After being vetted and granted access, users are prompted and required to take an online training course upon first logging into the system. After completing the training, users are permitted full access to the system. In addition, this collection will gather feedback from the users of the IP Gateway to determine any future system improvements.

Emergency Justfication: 1. Essential to the Agency: The Presidential Policy Directive-21 (PPD-21) (2013) and the National Infrastructure Protection Plan (NIPP) (2013) (Public Law 107-296) highlight the need for a centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing. To support this mission need, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has developed the CISA Gateway. The CISA Gateway contains several capabilities which support the homeland security mission in the area of critical infrastructure (CI) protection. This collection is leveraged by the Critical Infrastructure community, CISA Protective Security Advisors, State Fusion Centers, State, Local, Tribal, and Territorial Governing Coordinating Council (SLTTGCC), Facility owners/operators, and many other government and private partners and sectors. The collection of information uses automated electronic forms. During the online registration process, there is an electronic form used to create a user account and an online training course required to grant access. 2. The use of normal clearance procedures is reasonably likely to cause a statutory deadline to be missed: This request for review and approval is vital to continue the mission of the CISA Gateway and support to the Gateway user community. By not collecting this information, the CISA Gateway program is not able to vet and verify a users need to know and cannot not grant access to the system. It is vital that CISA regains this essential capability as soon as possible to support immediate needs in response to delivering and supporting the many SLTT communities that rely on this CISA capability. 3. Public harm is reasonably likely to result if normal clearance procedures are followed: This request for review and approval is vital to continue the mission of the CISA Gateway and support to the Gateway user community. Without this information collection, the CISA Gateway program will be unable to vet and verify a user’s need to know sensitive information and cannot grant access to the system. The CISA Gateway provides users with some of the most sensitive data available on critical infrastructure, so such an outcome poses a sufficient threat to national security that the system itself might need to be taken offline. This scenario presents a reasonable likelihood that public harm could result. If a potential threat presents itself to CISA, other government agencies, and/or SLTT partners, CISA would not have the ability to provide the Critical Infrastructure data necessary for those private and public partners to effectively respond to a potential threat or event. It is vital that CISA retains this essential capability to support immediate needs in response to delivering and supporting the many SLTT communities that rely on this CISA capability should a Critical Infrastructure event occur to protect the homeland. Since such events can and do occur at random, normal clearance procedures must be stopgrapped by an emergency clearance.

Authorizing Statute(s): PL: Pub.L. 107 - 296 Homeland Security Name of Law: Homeland Security Act of 2002
EO: EO 21 Name/Subject of EO: PPD-21

Citations for New Statutory Requirements: None

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

Federal Register Notices & Comments
Did the Agency receive public comments on this ICR? No

Number of Information Collection (IC) in this ICR: 2

IC Title	Form No.	Form Name
IP Gateway Registration
IP Gateway Registration Training
IP Gateway Utilization Survey	n/a

ICR Summary of Burden

	Total Approved	Change Due to Adjustment in Estimate	Change Due to Potential Violation of the PRA
Annual Number of Responses	200	-150	350
Annual Time Burden (Hours)	67	-25	92
Annual Cost Burden (Dollars)	0	0	0

Burden increases because of Program Change due to Agency Discretion: No

Burden Increase Due to:

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: The change in burden hours is attributed to the removal of the the "IP Gateway Utilization Survey".

Annual Cost to Federal Government: $5,723

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination. Yes

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination. Yes

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? No

Agency Contact: Benjamin Thomsen 202 254-7179 benjamin.thomsen@cisa.dhs.gov

View ICR - OIRA Conclusion