Thursday, March 7, 2024

OMB Approves CISA’s ReadySetCyber ICR

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved an new information collection request (ICR) from CISA on “ReadySetCyber”, a new CISA cybersecurity assistance initiative. The 60-day ICR notice was published [removed from paywall] on August 10th, 2023. The 30-day ICR notice was published on December 12th, 2023.

The only thing of interest here (beyond the new program, of course) is the ‘Terms of Clearance’ comment OIRA added to the notice:

“Terms of Clearance: The agency updated the package to respond to comments received on the 30-day comment period.”

CISA added a ‘PRA adjudication’ document to their submittal package that addressed the four comments submitted to OIRA. One comment was an ‘attaboy’ supporting the proposed program. The other three were technical comments that, according to CISA, applied “to another Information Collection Request (ICR), Secure Software Development Attestation Common Form, and don’t apply to ReadySetCyber.”

For those interested, the ICR record includes a copy of the new “ReadySetCyber Self-Assessment.xlsx” document that the new program will now be allowed to use to collect information about the current state of cybersecurity at the organization applying for assistance.

No comments:

/* Use this with templates/template-twocol.html */