hlt.today logo n
Monday, January 22, 2024

CISA: 2022 Protected Critical Infrastructure Information Program

HLS.Today CISA 2022 Protected Critical Infrastructure Information Program

HLS.Today – The Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing a technical rule to improve and modernize aspects of the Protected Critical Infrastructure Information (PCII) Program, which provides legal protections for cyber and physical infrastructure information submitted to DHS. These non-substantive, technical edits amend the Protected Critical Infrastructure Information (PCII) Program regulation found at 6 CFR part 29, to help critical infrastructure owner/operators, state and local governments, and other important stakeholders more effectively use the PCII Program.



On September 1, 2006, DHS published the PCII Program regulation, 6 CFR part 29, “Procedures for Handling Critical Infrastructure Information; Final Rule.” Established as part of major security reforms following the 9/11 terror attacks, the PCII Program has become a cornerstone of CISA’s public-private partnership to secure our Nation’s cybersecurity and critical infrastructure by providing legal protections for information shared with the government by the private sector for homeland security purposes. This technical rule represents the first-ever update to the PCII regulations since their initial publication in 2006. Since then, the implementing component within DHS underwent substantial reorganization (i.e., transitioning the National Protection and Programs Directorate into CISA). As a result of this change, several technical revisions to 6 CFR part 29 were required to reflect updates to organization and to address typographical and other errors in the 2006 final rule. These improvements help to modernize the Program and further position CISA as the Nation’s lead cyber defense agency.   These technical, non-substantive revisions qualify for publication as a final rule without the notice and comment typically required by the Administrative Procedure Act.

“The PCII Program is essential to CISA’s ability to gather information about risks facing critical infrastructure,” said Dr. David Mussington, Executive Assistant Director for Infrastructure Security. “This technical rule modernizes and clarifies important aspects of the Program, making it easier for our partners to share information with DHS. These revisions further demonstrate our commitment to ensuring that sensitive, proprietary information shared with CISA remains secure and protected. I would like to thank CISA’s PCII Program Office and Office of the Chief Counsel for their hard work in making this technical rule a reality.”

These revisions constitute non-substantive technical, organizational, and conforming amendments in various sections of 6 CFR part 29 to correct errors, change addresses, update titles, and make other non-substantive amendments that improve the clarity of the PCII Program regulations. This rule does not create or change any substantive requirements. A complete description of the revisions is in the technical Final Rule, which can be found at 87 Fed. Reg. 77971 (December 21, 2022). An accompanying unofficial redline of the regulatory text, which is provided as a courtesy only, will be available at the PCII Program website for public view.

HLS.Today - CISA - pcii-management-system-fact-sheet-082021-508_page-0001


Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information Act of 2002 (CII Act) to protect information voluntarily shared with the government on the security of private and state/local government critical infrastructure. Title 6 Code of Federal Regulations (CFR) part 29, Procedures for Handling Critical Infrastructure Information; Final Rule, establishes uniform procedures on the receipt, validation, handling, storage, marking, and use of critical infrastructure information (CII) voluntarily submitted to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS).

The protections offered by the PCII Program enhance the voluntary sharing of CII between infrastructure owners and operators and the government. The PCII Program protections provide homeland security partners confidence that sharing their information with the government will not expose sensitive or proprietary data to public disclosure.


HLS.Today - CISA - pcii-final-rule-federal-register-092006-508


HLS.Today - CISA - Critical-infrastructure-information-act-of-2002-012014


HLS.Today Source: CISA.GOV



Topics, Products, Events, Opportunities:

Our Weekly Top Articles

Related Articles

A comment or question? Drop us a line.

About HLS.Today

HLS.Today’s purpose is to cover news and information for the public and private sectors. We are also covering the latest product and service innovations in the homeland security and public safety industries at large. The main objective of this information platform is to provide professionals and executives with relevant information and tools to enrich their knowledge when making an informed decision.

We invite you to join our weekly newsletter, which will cover the featured stories and most read articles of the week in your email. We also don’t like spam emails and promise you we will not share your emails with anyone. Contact us and add your email to our mailing list.

Skip to content