81 FR 17243 - Federal Financial Institutions Examination Council Cybersecurity Assessment Tool Working Session in the National Institute of Standards and Technology Cybersecurity Framework Workshop
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency Federal Register Volume 81, Issue 59 (March 28, 2016)
Office of the Comptroller of the Currency
Federal Register Volume 81, Issue 59 (March 28, 2016)
| Page Range | 17243-17244 | |
| FR Document | 2016-06949 |
[Federal Register Volume 81, Number 59 (Monday, March 28, 2016)] [Notices] [Pages 17243-17244] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-06949] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Federal Financial Institutions Examination Council Cybersecurity Assessment Tool Working Session in the National Institute of Standards and Technology Cybersecurity Framework Workshop AGENCY: Office of the Comptroller of the Currency (``OCC''), Treasury. ACTION: Notice of public meeting. ----------------------------------------------------------------------- SUMMARY: The OCC, on behalf of itself, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and National Credit Union Administration (Agencies), announces a public meeting to receive feedback on the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (Assessment). DATES: The Agencies will hold a public meeting on the Assessment on Thursday, April 7, 2016, beginning at 9:00 a.m. Eastern Daylight Time (EDT). The public meeting is a part of the National Institute of Standards and Technology (NIST) cybersecurity framework workshop, taking place on Wednesday, April 6, and Thursday, April 7, 2016. The public meeting on the Assessment will be a separate working session (Assessment working session) during the NIST workshop and will be open to any individual registered for the NIST workshop. Registrations for the NIST workshop will be accepted until March 31, 2016 11:59 p.m. EDT. There is no cost for registering for the workshop or attending the working session. Attendance at the Assessment working session will be on a first-come, first-served basis. The NIST workshop, including the Assessment working session, will be Webcast at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. ADDRESSES: The Assessment working session will be held on April 7, 2016 at 9:00 a.m., at the NIST Campus, 100 Bureau Drive, Gaithersburg, Maryland 20899. All participants must pre-register at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. FOR FURTHER INFORMATION CONTACT: Beth Knickerbocker, Counsel (202) 649- 5490, for persons who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219. SUPPLEMENTARY INFORMATION: The FFIEC, on behalf of its members, released the Assessment on June 30, 2015, to help institutions identify their cyber risk and assess their cybersecurity preparedness. The purpose of the Assessment working session is to obtain substantive input from financial institutions and other interested parties on ways to improve the Assessment. The Agencies are holding the Assessment working session on April 7, 2016, as a part of the NIST workshop, at the NIST Campus--100 Bureau Drive, Gaithersburg, Maryland 20899. The NIST workshop, including the Assessment working session, will be Webcast online at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. The in- person Assessment working session will be open to any individual registered for the NIST workshop and attendance will be on a first- come, first-served basis. There is no cost for registering for the workshop or attending the working session. The Assessment working session will provide a forum for discussion of all aspects of the Assessment and will be an opportunity for interested persons to ask questions about the Assessment. Specifically, interested parties are encouraged to provide feedback on the Assessment's inherent risk profile, cybersecurity maturity, and supplemental materials. The Agencies may limit the time available to individuals seeking to provide their input, if needed, in order to accommodate the number of people desiring to speak. All participants in the Assessment working session must pre- register for the NIST workshop at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. Further details about the NIST workshop, including the Assessment working session, are published on the NIST Web site at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. The agenda for the NIST workshop is posted at http://www.nist.gov/itl/acd/upload/Agenda_Cybersec-2.pdf. [[Page 17244]] Additional Background on Assessment Cyber threats have evolved and increased exponentially with greater sophistication. Cyber attacks on financial institutions may not only result in access to, and the compromise of, confidential information, but also the destruction of critical data and systems. Disruption, degradation, or unauthorized alteration of information and systems can affect an institution's operations and core processes and undermine confidence in the nation's financial services sector. The Agencies, under the auspices of the FFIEC, developed the Assessment to assist financial institutions of all sizes in assessing their inherent cyber risks and their cybersecurity preparedness. The Assessment is intended to allow a financial institution to identify its inherent cyber risk profile based on the financial institution's technologies and connection types, delivery channels, online/mobile products and technology services it offers, organizational characteristics, and current threats. Once an institution identifies its inherent cyber risk profile, it will then determine its cybersecurity maturity levels based on the institution's cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience. A financial institution can use the Assessment to identify opportunities for improving the institution's cybersecurity preparedness. Use of the Assessment by financial institutions is not mandatory. Additional information on the Assessment and supporting materials are available on the FFIEC's Web site at http://www.ffiec.gov/cyberassessmenttool.htm. Dated: March 23, 2016. Thomas J. Curry, Comptroller of the Currency. [FR Doc. 2016-06949 Filed 3-25-16; 8:45 am] BILLING CODE 4810-01-P
![Federal Register / Vol. 81, No. 59 / Monday, March 28, 2016 / Notices 17243
from their dates of inception. This 60220); December 7, 2015 (80 FR at http://www.nist.gov/itl/acd/
driver, Dr. Wolfgang Bernhard, holds a 76059); December 21, 2015 (80 FR cybersecurity-framework-workshop-
valid German commercial license but is 79410)]. 2016.cfm.
unable to obtain a CDL in any of the Issued on: March 21, 2016.
U.S. States due to residency FOR FURTHER INFORMATION CONTACT: Beth
Larry W. Minor, Knickerbocker, Counsel (202) 649–5490,
requirements. A copy of the request for
renewal, dated February 22 and 23, Associate Administrator for Policy. for persons who are deaf or hard of
2016, is in the docket identified at the [FR Doc. 2016–06953 Filed 3–25–16; 8:45 am] hearing, TTY, (202) 649–5597,
beginning of this notice. BILLING CODE 4910–EX–P Legislative and Regulatory Activities
FMCSA initially granted an Division, Office of the Comptroller of
exemption to Dr. Bernhard on August the Currency, 400 7th Street SW., Suite
29, 2014 (79 FR 51641). This exemption DEPARTMENT OF THE TREASURY 3E–218, Mail Stop 9W–11, Washington,
was effective August 29, 2014, and DC 20219.
expires August 29, 2016. Detailed Office of the Comptroller of the SUPPLEMENTARY INFORMATION: The
information about the qualifications and Currency FFIEC, on behalf of its members,
experience of Dr. Bernhard was released the Assessment on June 30,
provided by Daimler in its original Federal Financial Institutions 2015, to help institutions identify their
application, a copy of which is in the Examination Council Cybersecurity cyber risk and assess their cybersecurity
docket. Renewal of the exemption will Assessment Tool Working Session in preparedness. The purpose of the
enable Dr. Bernhard to operate CMVs in the National Institute of Standards and Assessment working session is to obtain
interstate or intrastate commerce to Technology Cybersecurity Framework substantive input from financial
support Daimler field tests designed to Workshop institutions and other interested parties
meet future vehicle safety and AGENCY: Office of the Comptroller of the on ways to improve the Assessment.
environmental requirements and to Currency (‘‘OCC’’), Treasury. The Agencies are holding the
promote technological advancements in ACTION: Notice of public meeting. Assessment working session on April 7,
vehicle safety systems and emissions 2016, as a part of the NIST workshop,
reductions. Dr. Bernhard needs to drive SUMMARY: The OCC, on behalf of itself, at the NIST Campus—100 Bureau Drive,
Daimler vehicles on public roads to the Board of Governors of the Federal Gaithersburg, Maryland 20899. The
better understand ‘‘real world’’ Reserve System, Federal Deposit NIST workshop, including the
environments in the U.S. market. Insurance Corporation, and National Assessment working session, will be
According to Daimler, Dr. Bernhard will Credit Union Administration Webcast online at http://www.nist.gov/
typically drive for no more than 6 hours (Agencies), announces a public meeting itl/acd/cybersecurity-framework-
per day for 2 consecutive days, and that to receive feedback on the Federal workshop-2016.cfm. The in-person
10 percent of the test driving will be on Financial Institutions Examination Assessment working session will be
two-lane state highways, while 90 Council (FFIEC) Cybersecurity open to any individual registered for the
percent will be on interstate highways. Assessment Tool (Assessment). NIST workshop and attendance will be
The driving will consist of no more than on a first-come, first-served basis. There
DATES: The Agencies will hold a public
200 miles per day, for a total of 400 is no cost for registering for the
meeting on the Assessment on
miles during a two-day period on a workshop or attending the working
Thursday, April 7, 2016, beginning at
quarterly basis. He will in all cases be session. The Assessment working
9:00 a.m. Eastern Daylight Time (EDT).
accompanied by a holder of a U.S. CDL session will provide a forum for
The public meeting is a part of the
who is familiar with the routes to be discussion of all aspects of the
National Institute of Standards and
traveled. Assessment and will be an opportunity
Daimler has explained in prior Technology (NIST) cybersecurity
framework workshop, taking place on for interested persons to ask questions
exemption requests that the German
Wednesday, April 6, and Thursday, about the Assessment. Specifically,
knowledge and skills tests and training
program ensure that Daimler’s drivers April 7, 2016. The public meeting on interested parties are encouraged to
operating under the exemption will the Assessment will be a separate provide feedback on the Assessment’s
achieve a level of safety that is working session (Assessment working inherent risk profile, cybersecurity
equivalent to, or greater than, the level session) during the NIST workshop and maturity, and supplemental materials.
of safety obtained by complying with will be open to any individual The Agencies may limit the time
the U.S. requirement for a CDL. registered for the NIST workshop. available to individuals seeking to
Furthermore, according to Daimler, Dr. Registrations for the NIST workshop provide their input, if needed, in order
Bernhard is familiar with the operation will be accepted until March 31, 2016 to accommodate the number of people
of CMVs worldwide. 11:59 p.m. EDT. There is no cost for desiring to speak.
registering for the workshop or All participants in the Assessment
IV. Method To Ensure an Equivalent or attending the working session. working session must pre-register for
Greater Level of Safety Attendance at the Assessment working the NIST workshop at http://
FMCSA has previously determined session will be on a first-come, first- www.nist.gov/itl/acd/cybersecurity-
that the process for obtaining a German served basis. The NIST workshop, framework-workshop-2016.cfm.
commercial license is comparable to, or including the Assessment working Further details about the NIST
as effective as, the requirements of part session, will be Webcast at http:// workshop, including the Assessment
Lhorne on DSK5TPTVN1PROD with NOTICES
383, and adequately assesses the www.nist.gov/itl/acd/cybersecurity- working session, are published on the
driver’s ability to operate CMVs in the framework-workshop-2016.cfm. NIST Web site at http://www.nist.gov/
U.S. Since 2012, FMCSA has granted ADDRESSES: The Assessment working itl/acd/cybersecurity-framework-
Daimler drivers similar exemptions session will be held on April 7, 2016 at workshop-2016.cfm. The agenda for the
[May 25, 2012 (77 FR 31422); July 22, 9:00 a.m., at the NIST Campus, 100 NIST workshop is posted at http://
2014 (79 FR 42626); March 27, 2015 (80 Bureau Drive, Gaithersburg, Maryland www.nist.gov/itl/acd/upload/Agenda_
FR 16511); October 5, 2015 (80 FR 20899. All participants must pre-register Cybersec-2.pdf.
VerDate Sep<11>2014 14:52 Mar 25, 2016 Jkt 238001 PO 00000 Frm 00111 Fmt 4703 Sfmt 4703 E:\FR\FM\28MRN1.SGM 28MRN1](https://thefederalregister.org/doc/81_FR_17302/page/1.svg)
![17244 Federal Register / Vol. 81, No. 59 / Monday, March 28, 2016 / Notices
Additional Background on Assessment DATES: The meeting will be held April ADDRESSES: Direct all written comments
Cyber threats have evolved and 20–21, 2016. to Tuawana Pinkston, Internal Revenue
increased exponentially with greater ADDRESSES: The closed meeting of the Service, Room 6526, 1111 Constitution
sophistication. Cyber attacks on Art Advisory Panel will be held at 290 Avenue NW., Washington, DC 20224.
financial institutions may not only Broadway, New York, NY 10007. FOR FURTHER INFORMATION CONTACT:
result in access to, and the compromise FOR FURTHER INFORMATION CONTACT: Requests for additional information or
of, confidential information, but also the Maricarmen Cuello, AP:SO:AAS, 51 SW copies of the form and instructions
destruction of critical data and systems. 1st Avenue, Room 1014, Miami, FL should be directed to Kerry Dennis at
Disruption, degradation, or 33130. Telephone (305) 982–5364 (not a Internal Revenue Service, Room 6526,
unauthorized alteration of information toll free number). 1111 Constitution Avenue NW.,
and systems can affect an institution’s SUPPLEMENTARY INFORMATION: Notice is Washington, DC 20224, or through the
operations and core processes and hereby given pursuant to section internet at Kerry.Dennis@irs.gov.
undermine confidence in the nation’s 10(a)(2) of the Federal Advisory SUPPLEMENTARY INFORMATION:
financial services sector. Committee Act, 5 U.S.C. App., that a Title: Exempt Organization Business
The Agencies, under the auspices of closed meeting of the Art Advisory Income Tax Return.
the FFIEC, developed the Assessment to Panel will be held at 290 Broadway, OMB Number: 1545–0687.
assist financial institutions of all sizes New York, NY 10007. Form Number: Form 990–T.
in assessing their inherent cyber risks The agenda will consist of the review Abstract: Form 990–T is used to
and their cybersecurity preparedness. and evaluation of the acceptability of report and compute the unrelated
The Assessment is intended to allow a fair market value appraisals of works of business income tax imposed on exempt
financial institution to identify its art involved in Federal income, estate, organizations by Internal Revenue Code
inherent cyber risk profile based on the or gift tax returns. This will involve the section 511 and the proxy tax imposed
financial institution’s technologies and discussion of material in individual tax by Code section 6033(e). The form
connection types, delivery channels, returns made confidential by the provides the IRS with the information
online/mobile products and technology provisions of 26 U.S.C. 6103. necessary to determine that the tax has
services it offers, organizational A determination as required by been properly computed.
characteristics, and current threats. section 10(d) of the Federal Advisory Current Actions: The agency has
Once an institution identifies its Committee Act has been made that this updated the estimated number of
inherent cyber risk profile, it will then meeting is concerned with matters listed respondents based on its most recent
determine its cybersecurity maturity in sections 552b(c)(3), (4), (6), and (7), filing data. The additional respondents
levels based on the institution’s cyber of the Government in the Sunshine Act, results in a burden increase of
risk management and oversight, threat and that the meeting will not be open 24,167,406 hours resulting in a new
intelligence and collaboration, to the public. total burden of 29,429,725 hours.
cybersecurity controls, external Type of Review: Revision of a
Kirsten B. Wielobob, currently approved collection.
dependency management, and cyber
Chief, Appeals. Affected Public: Not-for-profit
incident management and resilience. A
[FR Doc. 2016–06950 Filed 3–25–16; 8:45 am] institutions.
financial institution can use the
Assessment to identify opportunities for BILLING CODE 4830–01–P Estimated Number of Respondents:
improving the institution’s 207,500.
cybersecurity preparedness. Use of the Estimated Time per Respondent: 141
Assessment by financial institutions is DEPARTMENT OF THE TREASURY hrs., 48 min.
not mandatory. Additional information Estimated Total Annual Burden
Internal Revenue Service Hours: 29,429,725.
on the Assessment and supporting
materials are available on the FFIEC’s Proposed Collection; Comment The following paragraph applies to all
Web site at http://www.ffiec.gov/ Request for Form 990–T of the collections of information covered
cyberassessmenttool.htm. by this notice:
AGENCY: Internal Revenue Service (IRS), An agency may not conduct or
Dated: March 23, 2016.
Treasury. sponsor, and a person is not required to
Thomas J. Curry, respond to, a collection of information
ACTION: Notice and request for
Comptroller of the Currency. comments. unless the collection of information
[FR Doc. 2016–06949 Filed 3–25–16; 8:45 am] displays a valid OMB control number.
BILLING CODE 4810–01–P SUMMARY: The Department of the Books or records relating to a collection
Treasury, as part of its continuing effort of information must be retained as long
to reduce paperwork and respondent as their contents may become material
DEPARTMENT OF THE TREASURY burden, invites the general public and in the administration of any internal
other Federal agencies to take this revenue law. Generally, tax returns and
Internal Revenue Service opportunity to comment on proposed tax return information are confidential,
and/or continuing information as required by 26 U.S.C. 6103.
Art Advisory Panel—Notice of Closed collections, as required by the
Meeting Request for Comments: Comments
Paperwork Reduction Act of 1995, submitted in response to this notice will
AGENCY: Internal Revenue Service, Public Law 104–13 (44 U.S.C. be summarized and/or included in the
Lhorne on DSK5TPTVN1PROD with NOTICES
Treasury. 3506(c)(2)(A)). Currently, the IRS is request for OMB approval. All
ACTION: Notice of Closed Meeting of Art
soliciting comments concerning Form comments will become a matter of
Advisory Panel. 990–T, Exempt Organization Business public record. Comments are invited on:
Income Tax Return. (a) Whether the collection of
SUMMARY: Closed meeting of the Art DATES: Written comments should be information is necessary for the proper
Advisory Panel will be held in New received on or before May 27, 2016 to performance of the functions of the
York, NY. be assured of consideration. agency, including whether the
VerDate Sep<11>2014 14:52 Mar 25, 2016 Jkt 238001 PO 00000 Frm 00112 Fmt 4703 Sfmt 4703 E:\FR\FM\28MRN1.SGM 28MRN1](https://thefederalregister.org/doc/81_FR_17302/page/2.svg)
Document Created: 2016-03-26 00:13:25
Document Modified: 2016-03-26 00:13:25
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of public meeting. | |
| Dates | The Agencies will hold a public meeting on the Assessment on Thursday, April 7, 2016, beginning at 9:00 a.m. Eastern Daylight Time (EDT). The public meeting is a part of the National Institute of Standards and Technology (NIST) cybersecurity framework workshop, taking place on Wednesday, April 6, and Thursday, April 7, 2016. The public meeting on the Assessment will be a separate working session (Assessment working session) during the NIST workshop and will be open to any individual registered for the NIST workshop. Registrations for the NIST workshop will be accepted until March 31, 2016 11:59 p.m. EDT. There is no cost for registering for the workshop or attending the working session. Attendance at the Assessment working session will be on a first-come, first-served basis. The NIST workshop, including the Assessment working session, will be Webcast at http://www.nist.gov/itl/ acd/cybersecurity-framework-workshop-2016.cfm. | |
| Contact | Beth Knickerbocker, Counsel (202) 649- 5490, for persons who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219. | |
| FR Citation | 81 FR 17243 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR