Skip to Content


Assessment Questionnaire-IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT)

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.


30-day Notice and request for comments; New Information Collection Request, 1670-NEW.


The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Sector Outreach and Programs Division (SOPD), previously named the Sector Specific Agency Executive Management Office, will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. chapter 35). NPPD is soliciting comments concerning new Information Collection Request—Assessment Questionnaire—IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT). DHS previously published this ICR in the Federal Register on December 29, 2011, for a 60-day public comment period. DHS received no comments. The purpose of this notice is to allow an additional 30 days for public comments.


Comments are encouraged and will be accepted until July 5, 2012. This process is conducted in accordance with 5 CFR 1320.10.


Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, OMB. Comments should be addressed to OMB Desk Officer, DHS, Office of Civil Rights and Civil Liberties. Comments must be identified by DHS-2011-0069 and may be submitted by one of the following methods:

Instructions: All submissions received must include the words “Department of Homeland Security” and the docket number for this action. Comments received will be posted without alteration at, including any personal information provided.

OMB is particularly interested in comments that:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

3. Enhance the quality, utility, and clarity of the information to be collected; and

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.


Jay Robinson, DHS/NPPD/IP/SOPD,


To assist SOPD in identifying and assessing the vulnerabilities and risks pertaining to the critical infrastructures, owner-operators and/or security managers often volunteer to conduct an automated self risk assessment. The requested questionnaire information is necessary to facilitate electronic execution of SOPD's risk assessment to focus protection resources and activities on those assets, systems, networks, and functions with the highest risk profiles. Currently, there is no known data collection that includes multiple critical nodes with sector-specific related criteria. When the user logs into the system, the user will be prompted with the assessment questionnaire. Once the user begins the assessment, the only information required to be submitted to (and shared with) DHS before completing the assessment is venue identification information (e.g., contact information, address, latitude/longitude, venue type, or capacity). A user can elect to share the entire completed assessment with DHS. The assessment information is protected as Protected Critical Infrastructure Information. The information from the assessment will be used to assess the risk to the evaluated entity (e.g., calculate a vulnerability score by threat, evaluate protective/mitigation measures relative to vulnerability, calculate a risk score, or report threats presenting highest risks). The information will also be combined with data from other respondents to provide an overall sector perspective (e.g., report additional relevant protective/mitigation measures for consideration).


Agency: Department of Homeland Security, National Protection and Programs Directorate, Office of Infrastructure Protection, Sector Outreach and Programs Division.

Title: Assessment Questionnaire—IP Sector Specific Agency Risk Self Assessment Tool (IP-SSARSAT).

OMB Number: 1670-NEW.

Frequency: On occasion.

Affected Public: Private Sector.

Number of Respondents: 4,000 respondents.

Estimated Time per Respondent: 8 hours.

Total Burden Hours: 32,000 annual burden hours.

Total Burden Cost (capital/startup): $0.

Total Burden Cost (operating/maintaining): $14,440.00.

Dated: May 24, 2012.

Scott Libby,

Acting Chief Information Officer, National Protection and Programs Directorate, Department of Homeland Security.

[FR Doc. 2012-13597 Filed 6-4-12; 8:45 am]