Assessment Questionnaire-IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT)
The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Sector Specific Agency Executive Management Office (SSA EMO) will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. Chapter 35).
Comments are encouraged and will be accepted until February 27, 2012. This process is conducted in accordance with 5 CFR 1320.1.
Written comments and questions about this Information Collection Request should be forwarded to DHS/NPPD/IP/SSA EMO, 245 Murray Lane SW., Mail Stop 0640, Arlington, VA 20598-0630. Emailed requests should go to Jay Robinson, firstname.lastname@example.org. Comments must be identified by “DHS-2011-0069” and may be submitted by one of the following methods:
•Federal eRulemaking Portal: http://www.regulations.gov.
•Email: Include the docket number in the subject line of the message.
Instructions: All submissions received must include the words “Department of Homeland Security” and the docketnumber for this action. Comments received will be posted without alteration at http://www.regulations.gov, including any personal information provided.
In order to identify and assess the vulnerabilities and risks pertaining to the critical infrastructures and key resources by the SSA EMO, owner-operators and/or security managers often volunteer to conduct an automated self risk assessment. The requested questionnaire information is necessary in order to facilitate electronic execution of the SSA EMO's risk assessment to focus protection resources and activities on those assets, systems, networks, and functions with the highest risk profiles. Currently, there is no known data collection that includes multiple critical nodes with specific sector related criteria. After the user logs into the system the user will be prompted with the assessment questionnaire and will answer various questions to input the data. Once the user begins the assessment, the only information required to be submitted to (and shared with) DHS before completing the assessment is venue identification information (e.g., point-of-contact information, address, latitude/longitude, venue type, or capacity). A user can elect to share their entire completed assessment with DHS, which will protect the information as Protected Critical Infrastructure Information (PCII). The information from the assessment will be used to assess the risk of the evaluated entity (e.g., calculate a vulnerability score by threat, evaluate protective/mitigation measures relative to vulnerability, calculate a risk score, or report threats presenting highest risks). The information will also be combined with data from other respondents to provide an overall sector perspective (e.g., report additional relevant protective/mitigation measures for consideration).OMB is particularly interested in comments which:
1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to be collected; and
4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.
Agency: Department of Homeland Security, National Protection and Programs Directorate, Office of Infrastructure Protection, Sector Specific Agency Executive Management Office.
Title: Assessment Questionnaire—IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT).
Frequency: On occasion.
Affected Public: Private Sector.
Number of Respondents:4,000 respondents.
Estimated Time per Respondent:8 hours.
Total Burden Hours:32,000 annual burden hours.
Total Burden Cost (capital/startup):$0.
Total Burden Cost (operating/maintaining):$14,440.00.Dated: December 22, 2011. David Epperson, Chief Information Officer, National Protection and Programs Directorate, Department of Homeland Security.