Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 Series

<html>
<head>
<title>Federal Register, Volume 91 Issue 1 (Friday, January 2, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 1 (Friday, January 2, 2026)]
[Notices]
[Pages 149-150]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-24198]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Revision of Agency Information Collection Activity Under OMB 
Review: Pipeline Corporate Security Reviews and TSA Security Directive 
Pipeline-2021-02 Series

AGENCY: Transportation Security Administration, DHS.

ACTION: 30-Day notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces that the Transportation Security 
Administration (TSA) has forwarded the Information Collection Request 
(ICR), Office of Management and Budget (OMB) control number 1652-0056, 
abstracted below, to OMB for review and approval of a revision of the 
currently approved collection under the Paperwork Reduction Act (PRA). 
The ICR describes the nature of the information collection and its 
expected burden. The collection allows TSA to assess the current 
security practices in the pipeline industry through TSA's Pipeline 
Corporate Security Review (CSR) program and allows for the continuation 
of mandatory cybersecurity requirements under the TSA Security 
Directive (SD) Pipeline-2021-02 series.

DATES: Send your comments by February 2, 2026. A comment to OMB is most 
effective if OMB receives it within 30 days of publication.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to <a href="https://www.reginfo.gov/public/do/PRAMain">https://www.reginfo.gov/public/do/PRAMain</a>. Find this 
particular information collection by selecting ``Currently under 
Review--Open for Public Comments'' and by using the find function.

FOR FURTHER INFORMATION CONTACT: Christina A. Walsh, TSA PRA Officer, 
Information Technology, TSA-11, Transportation Security Administration, 
6595 Springfield Center Drive, Springfield, VA 20598-6011; telephone 
(571) 227-2062; email <a href="/cdn-cgi/l/email-protection#dc888f9d8c8e9d9ca8afbdf2b8b4aff2bbb3aa"><span class="__cf_email__" data-cfemail="a2f6f1e3f2f0e3e2d6d1c38cc6cad18cc5cdd4">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: TSA published a Federal Register notice, 
with a 60-day comment period soliciting comments, of the following 
collection of information on August 1, 2025, 90 FR 36169. TSA did not 
receive any comments on the notice.

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501

[[Page 150]]

et seq.), an agency may not conduct or sponsor, and a person is not 
required to respond to, a collection of information unless it displays 
a valid OMB control number. The ICR documentation will be available at 
<a href="https://www.reginfo.gov">https://www.reginfo.gov</a> upon its submission to OMB. Therefore, in 
preparation for OMB review and approval of the following information 
collection, TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

    Title: Pipeline Corporate Security Reviews and TSA Security 
Directive Pipeline-2021-02 series.
    Type of Request: Revision of a currently approved collection.
    OMB Control Number: 1652-0056.
    Forms(s): Pipeline CSR Protocol Form and documents submitted to TSA 
pursuant to the requirements in the Security Directive.
    Affected Public: Hazardous Liquids and Natural Gas Pipeline 
Industry.
    Abstract: Under the Aviation and Transportation Security Act \1\ 
and delegated authority from the Secretary of Homeland Security, TSA 
has broad responsibility and authority for ``security in all modes of 
transportation . . . including security responsibilities . . . over 
modes of transportation that are exercised by the Department of 
Transportation.'' \2\ TSA is specifically empowered to assess threats 
to transportation; \3\ develop policies, strategies, and plans for 
dealing with threats to transportation; \4\ oversee the implementation 
and adequacy of security measures at transportation facilities; \5\ and 
carry out other appropriate duties relating to transportation 
security.\6\ The Implementing Recommendations of the 9/11 Commission 
Act of 2007 included a specific requirement for TSA to conduct 
assessments of critical pipeline facilities.\7\
---------------------------------------------------------------------------

    \1\ Public Law 107-71 (115 Stat. 597; Nov. 19, 2001), codified 
at 49 U.S.C. 114.
    \2\ See 49 U.S.C. 114(d). The TSA Administrator's current 
authorities under the Aviation and Transportation Security Act have 
been delegated to him by the Secretary of Homeland Security. Section 
403(2) of the Homeland Security Act of 2002, Public Law 107-296 (116 
Stat. 2135, Nov. 25, 2002), transferred all functions of TSA, 
including those of the Secretary of Transportation and the Under 
Secretary of Transportation of Security related to TSA, to the 
Secretary of Homeland Security. Pursuant to DHS Delegation Number 
7060.2, the Secretary delegated to the Administrator of TSA, subject 
to the Secretary's guidance and control, the authority vested in the 
Secretary with respect to TSA, including that in section 403(2) of 
the Homeland Security Act.
    \3\ 49 U.S.C. 114(f)(2).
    \4\ 49 U.S.C. 114(f)(3).
    \5\ 49 U.S.C. 114(f)(11).
    \6\ 49 U.S.C. 114(f)(15).
    \7\ See section 1557 of Public Law 110-53 (121 Stat. 266, Aug. 
3, 2007) as codified at 6 U.S.C. 1207.
---------------------------------------------------------------------------

Establishing Compliance With Voluntary Pipeline CSR Program Information 
Collection Requirements

    TSA has historically assessed industry security practices through 
its Pipeline CSR program.\8\ Pipeline CSRs are voluntary, face-to-face 
visits, usually at the headquarters facility of the pipeline Owner/
Operator. TSA has developed a Question Set to aid in the conducting of 
CSRs. The CSR Question Set structures the TSA and pipeline Owner/
Operator discussion and is the central data source for the physical 
security information TSA collects.
---------------------------------------------------------------------------

    \8\ See section 1557 of Public Law 110-53 (121 Stat. 266; Aug. 
3, 2007) as codified at 6 U.S.C. 1207.
---------------------------------------------------------------------------

Establishing Compliance With Mandatory Requirements in the TSA SD 
Pipeline-2021-02 Series; Information Collection Requirements

    While the CSR collection supports physical security plans and 
processes, TSA issued the SD Pipeline-2021-02 series with mandatory 
requirements in order to mitigate specific cybersecurity concerns posed 
by current threats to national security. Pipeline Owner/Operators 
designated by TSA as critical must:
    <bullet> Submit a Cybersecurity Implementation Plan to TSA for 
approval (there is no designated form or format). Once approved by TSA, 
pipeline Owner/Operators must implement and maintain all measures. 
Owner/Operators must submit changes to their Cybersecurity 
Implementation Plan for approval in accordance with the instructions in 
the SD.
    <bullet> Develop and maintain an up-to-date Cybersecurity Incident 
Response Plan for their designated critical cyber systems to reduce the 
risk of operational disruption, or the risk of other significant 
impacts on business critical functions. Owner/operators must test the 
effectiveness of the Cybersecurity Incident Response Plan no less than 
annually.
    <bullet> Submit a Cybersecurity Assessment Plan on an annual basis 
to TSA for approval (there is no designated form or format).
    <bullet> Maintain records that establish compliance with the SD 
Pipeline-2021-02 series and make them available to TSA upon request for 
inspection and/or copying.
    Submissions by pipeline owner/operators in compliance with the 
voluntary PCSR or the mandatory SD Pipeline-2021-02 series requirements 
are deemed Sensitive Security Information (SSI) and are protected in 
accordance with procedures meeting the transmission, handling, and 
storage requirements of SSI in 49 CFR part 1520.

Revision of the Collection

    TSA is revising the title of the collection from ``Pipeline 
Corporate Security Reviews and Security Directives'' to ``Pipeline 
Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 
series.'' This title more accurately reflects the specific TSA SD 
associated with this collection. TSA is seeking renewal of this 
information collection for the maximum 3-year approval period.
    Estimated Annual Number of Respondents: 100.
    Estimated Annual Burden Hours: 80,231.

    Dated: December 30, 2025.
Christina A. Walsh,
Paperwork Reduction Act Officer, Information Technology, Transportation 
Security Administration.
[FR Doc. 2025-24198 Filed 12-31-25; 8:45 am]
BILLING CODE 9110-05-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>