CISA published (available online today) an 60-day information
collection request in Monday’s Federal Register (89
FR 68459-68460) for Nationwide Cyber Security Review Assessment (NCSR).
According to the
preamble to this ICR, the “CSD [CISA’s Cybersecurity Division] developed
the NCSR to measure the gaps and capabilities of cybersecurity programs within
SLTT [State, Local, Tribal, and Territorial] governments.” The preamble further
explains:
“The NCSR is an
annual voluntary self-assessment that is hosted on LogicManager [link added], which is a
technology platform that provides a foundation for managing policies, controls,
risks, assessments, and deficiencies across organizational lines of business.
The NCSR self-assessment runs every year, usually from October-February. In
efforts to increase participation, the deadline is sometimes extended. The
target audience for the NCSR are personnel within the SLTT community who are
responsible for the cybersecurity management within their organization.”
The table below shows the currently approved burden estimate and the new estimate being offered in this ICR.
Public Comments
CISA is soliciting comments on this ICR notice. Comments may
be submitted via the Federal eRulemaking Portal (www.Regulations.gov: Docket # CISA-2024-0021).
Comments should be submitted by October 25th, 2024.
For more details about this notice and the changes from the
currently approved ICR, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-nscr-60-day-icr-notice
- subscription required.
Posts
No comments:
Post a Comment