Effective today, DHS has published a set of procedures to guide the collection and use of critical infrastructure information through the Protected Critical Infrastructure Information (PCII) Program. The voluntary PCII program is designed to encourage and facilitate private sector sharing of sensitive or proprietary information with the government, for the purpose of assisting DHS vulnerability assessments and recovery plans.
The Department of Homeland Security has filed â€œProcedures for Handling Protected Critical Infrastructure Information” with the Federal Register for publication. This final rule, which became effective upon publication in the Federal Register September 1, 2006, amends Homeland Security regulations establishing uniform procedures to implement the Critical Infrastructure Information Act of 2002:
These procedures govern the receipt, validation, handling, storage, marking and use of critical infrastructure information voluntarily submitted to the Department of Homeland Security. This rule applies to all Federal agencies, all United States Government contractors, and State, local and other governmental entities that handle, use, store, or have access to critical infrastructure information that enjoys protection under the Critical Infrastructure Information Act of 2002.
Presumably, uniform and transparent procedures for DHS’ handling of this information will more fully and successfully engage the private sector. You can see the full text of the final rule here.