Regulations last checked for updates: Nov 22, 2024

Title 6 - Domestic Security last revised: Nov 19, 2024
§ 29.5 - Requirements for protection.

(a) CII receives the protections of the CII Act when:

(1) Such information is voluntarily submitted, directly or indirectly, to the PCII Program Office or a PCII Program Manager's Designee;

(2) The information is submitted for protected use regarding the security of critical infrastructure or protected systems, analysis, warning, interdependency study, recovery, reconstitution, or other appropriate purposes including, without limitation, for the identification, analysis, prevention, preemption, disruption, defense against and/or mitigation of terrorist threats to the homeland;

(3) The information is labeled with an express statement as follows:

(i) Documentary submissions. In the case of documentary submissions, a written marking on the information or records substantially similar to the following: “This information is voluntarily submitted to the federal government in expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure Information Act of 2002, as amended by the Cybersecurity and Infrastructure Security Act of 2018”;

(ii) Oral submissions. In the case of oral submissions:

(A) Through an oral statement, made at the time of the oral submission or within a reasonable period of time thereafter, indicating an expectation of protection from disclosure as provided by the provisions of the CII Act; and

(B) Through a written statement substantially similar to the one specified above in paragraph (a)(3)(i) of this section accompanied by a document that memorializes the nature of the oral submission initially provided to the PCII Program Office or the PCII Program Manager's Designee within a reasonable period of time after making the oral submission; or

(iii) Electronic submissions. In the case of electronic submissions:

(A) Through an electronically submitted statement made within a reasonable period of time after making the electronic submission, indicating an expectation of protection from disclosure as provided by the provisions of the CII Act; or

(B) Through a non-electronically submitted written statement substantially similar to the one specified in paragraph (a)(3)(i) of this section accompanied by a document that memorializes the nature of the electronic submission initially provided to the PCII Program Office or the PCII Program Manager's Designee within a reasonable period after making the electronic submission; and

(4) The documentary, electronic, or oral submission is accompanied by a statement, signed by the submitting person or an authorized person on behalf of an entity identifying the submitting person or entity, containing such contact information as is considered necessary by the PCII Program Office, and certifying that the information being submitted is not customarily in the public domain.

(b) Information that is not submitted to the PCII Program Office or the PCII Program Manager's Designees will not qualify for protection under the CII Act. Only the PCII Program Office or a PCII Program Manager's Designee are authorized to acknowledge receipt of information submitted for consideration of protection under the CII Act.

(c) All Federal, State, and Local government entities must protect and maintain information as required by this part and by the provisions of the CII Act when that information is provided to the entity by the PCII Program Manager or a PCII Program Manager's Designee and is marked as required in § 29.6(c).

(d) All submissions seeking PCII status are presumed to have been submitted in good faith until validation or a determination not to validate is made pursuant to this part.

authority: 6 U.S.C. 671-674; Section 2222-2225 of the Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135, as amended by Subtitle B of the Cybersecurity and Infrastructure Security Act of 2018, Pub. L. 115-278, 132 Stat. 4184. 5 U.S.C. 301.
source: 71 FR 52271, Sept. 1, 2006, as amended at 87 FR 77972, Dec. 21, 2022, unless otherwise noted.
cite as: 6 CFR 29.5