(a) Purpose of this part. This part implements the Critical Infrastructure Information Act of 2002 (CII Act) by establishing uniform procedures for the receipt, care, and storage of Critical Infrastructure Information voluntarily submitted to the Department of Homeland Security through CISA. Consistent with the statutory mission of DHS to prevent terrorist attacks within the United States and reduce the vulnerability of the United States to terrorism, CISA will encourage the voluntary submission of CII by safeguarding and protecting that information from unauthorized disclosure and by ensuring that such information is, as necessary, securely shared with State and Local governments pursuant to the CII Act. As required by the CII Act, this part establishes procedures regarding:
(1) The acknowledgment of receipt by CISA of voluntarily submitted CII;
(2) The receipt, validation, handling, storage, proper marking, and use of information as PCII;
(3) The safeguarding and maintenance of the confidentiality of such information and appropriate sharing of such information with State and Local governments or government agencies pursuant to 6 U.S.C. 673(a)(1)(E); and
(4) The issuance of advisories, notices, and warnings related to the protection of critical infrastructure or protected systems in such a manner to protect, as appropriate, from unauthorized disclosure the source of critical infrastructure information that forms the basis of the warning, and any information that is proprietary or business sensitive, might be used to identify the submitting person or entity, or is otherwise not appropriately in the public domain.
(b) Scope. This part applies to all persons and entities that are authorized to handle, use, store, or otherwise accept receipt of PCII.
authority: 6 U.S.C. 671-674; Section 2222-2225 of the Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135, as amended by Subtitle B of the Cybersecurity and Infrastructure Security Act of 2018, Pub. L. 115-278, 132 Stat. 4184.
5 U.S.C. 301.
source: 71 FR 52271, Sept. 1, 2006, as amended at 87 FR 77972, Dec. 21, 2022, unless otherwise noted.
cite as: 6 CFR 29.1