Regulations last checked for updates: Nov 22, 2024

Title 6 - Domestic Security last revised: Nov 19, 2024
§ 29.4 - PCII Program administration.

(a) Cybersecurity and Infrastructure Security Agency. The Secretary of the Department of Homeland Security hereby designates the Director as the senior DHS official responsible for the direction and administration of the PCII Program. The Director administers this program through the Executive Assistant Director.

(b) Appointment of a PCII Program Manager. The Director will:

(1) Appoint a PCII Program Manager serving under the Executive Assistant Director who is responsible for the administration of the PCII Program;

(2) Commit resources necessary for the effective implementation of the PCII Program;

(3) Ensure that sufficient personnel, including detailees or assignees from other federal national security, homeland security, or law enforcement entities, as the Director deems appropriate, are assigned to the PCII Program to facilitate secure information sharing with appropriate authorities; and

(4) Promulgate implementing directives and prepare training materials, as appropriate, for the proper treatment of PCII.

(c) Appointment of PCII Program Officers. The PCII Program Manager will establish procedures to ensure that each DHS component and each Federal, State, or Local agency or entity that works with PCII appoints one or more employees to serve as a PCII Program Officer in order to carry out the responsibilities stated in paragraph (d) of this section. Persons appointed to serve as PCII Program Officers must be fully familiar with these procedures.

(d) Responsibilities of PCII Program Officers. PCII Program Officers:

(1) Oversee the handling, use, and storage of PCII;

(2) Ensure the secure sharing of PCII with appropriate authorities and individuals, as set forth in § 29.1(a), and paragraph (b)(3) of this section;

(3) Establish and maintain an ongoing self-inspection program including periodic review and assessment of compliance with handling, use, and storage of PCII;

(4) Establish additional procedures, measures, and penalties, as necessary, to prevent unauthorized access to PCII; and

(5) Ensure prompt and appropriate coordination with the PCII Program Manager regarding any request, challenge, or complaint arising out of the implementation of these regulations.

(e) Protected Critical Infrastructure Information Management System or PCIIMS. The PCII Program Manager will develop, for use by the PCII Program Office and the PCII Manager's Designees, an electronic database to be known as PCIIMS to record the receipt, acknowledgement, validation, storage, dissemination, and destruction of PCII. This compilation of PCII must be safeguarded and protected in accordance with the provisions of the CII Act. The PCII Program Manager may require the completion of appropriate background investigations of an individual before granting that individual access to any PCII.

authority: 6 U.S.C. 671-674; Section 2222-2225 of the Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135, as amended by Subtitle B of the Cybersecurity and Infrastructure Security Act of 2018, Pub. L. 115-278, 132 Stat. 4184. 5 U.S.C. 301.
source: 71 FR 52271, Sept. 1, 2006, as amended at 87 FR 77972, Dec. 21, 2022, unless otherwise noted.
cite as: 6 CFR 29.4