Information Sharing & Analysis

• Activities & Programs
• Committees & Working Groups
• Laws & Regulations
• Publications
• Report Incidents

« Protected Critical Infrastructure Information (PCII) Program

How to Submit Critical Infrastructure Information (CII) For PCII Protection

• Qualifying Information
• Potential Submitters
• Submission Process
• Express Statement and Certification Statement
• Information-Sharing Partnerships

Private-sector companies, state and local government entities and working groups comprised of government and private sector representatives are examples of organizations that can submit Critical Infrastructure Information (CII) for PCII protection. 

Qualifying Information

Information related to the security of critical infrastructure or protected systems, including documents, records or other information concerning threats, vulnerabilities and operational experience may be submitted for PCII protection. Qualifying information must be:

• Voluntarily submitted,
• Not customarily available in the public domain, and
• Not submitted in lieu of compliance with any regulatory requirement.

Once a submission is evaluated and determined to meet all prescribed qualifications, the PCII Program Office will validate it and mark the information as PCII. 

PCII protections only apply to the information in the hands of the government and not to the copy retained by the submitter.

Submitted information will retain PCII protections unless the PCII Program Office determines that the information, at the time of the submission, was customarily in the public domain, or the submitter requests in writing that the protections be removed.

• Submissions that will not be validated as PCII include information required by the Department of Homeland Security under the DHS Chemical Facility Anti-Terrorism Standards (CFATS).

Submissions that do not meet requirements are destroyed or returned, determined by the submitter's written preference.

Back To Top

Potential Submitters

The PCII Program Office will accept submissions of critical infrastructure information (CII) in consideration of the protections of the CII Act from any submitter who:

• Owns the information being submitted (or is an authorized representative of the owner of the information),
• Has sufficient knowledge of the information to affirm that it is being submitted voluntarily (i.e., in the absence of an exercise of legal authority by the Department of Homeland Security to compel access to or submission of such information), and
• Has sufficient knowledge of the information to affirm in the Certification Statement that the information is not lawfully, properly, and regularly disclosed generally or broadly to the public.

Examples of potential submitters include, but are not limited to:

• State and local government officials,
• Authorized representatives of privately or publicly owned companies,
• Industry associations (on behalf of their members),
• Individuals capable of providing an analytical observation of a critical infrastructure, and
• Working groups comprised of government and private sector representatives.

Representatives of federal government entities may not submit information to the PCII Program in consideration of the protections of the CII Act.

Back To Top

Submission Process

Submitters should contact the PCII Program Office prior to submitting their information to ensure that the Program Office can accept the submission format and for any additional guidance.

Critical infrastructure information for PCII validation can be submitted in two ways:

• Through a partnering federal government entity, or 
• Directly to the PCII Program Office. 

Critical infrastructure information may be submitted to the Department of Homeland Security through approved partnerships with federal agencies. In these specific partnerships, the PCII Program Manager declares certain subject matter or types of information categorically protected as PCII and sets procedures for receiving and processing of this information.

Critical infrastructure information may be directly submitted to the PCII Program Office for protection via:

• Electronic Submittal
• Standard Mail:
  PCII Program Office
  Department of Homeland Security
  245 Murray Lane SW, Building 410
  Washington, DC 20528-0001
• Fax: 703-235-3050
• Phone: 202-360-3023

Phone submissions must be followed by a similar written statement within 15 calendar days after the submission.

The PCII Program Office or Designee will acknowledge receipt of the submission within 30 days of its receipt. Acknowledgement of receipt is not a determination of validation but only a notification to the submitter that the PCII Program Office or Designee has received the information accompanied by an Express Statement.

Once the submission is validated, the submitter will receive a validation letter or an email which will include a submission identification number.

Back To Top

Express Statement and Certification Statement

All information submitted for PCII protection must include:

• An Express Statement requesting the protection offered by the CII Act; and
• A Certification Statement containing an affirmation that the individual submitting the information is authorized to submit and the submitter’s contact information, and certifying that the information is not customarily in the public domain.

When accompanied by an Express Statement and a signed Certification Statement, the submission will be granted the presumption of protection throughout the entire validation process. If the Certification Statement is missing or incomplete, the information will have the presumption of protection but the PCII Program Office will request that the submitter provide a complete Certification Statement within 30 calendar days.

If the submitter does not remedy the deficiency within 30 days of the request, the PCII Program Office will either return the information to the submitter in accordance with the submitting person or entity's written preference or destroy the submission in accordance with the Federal Records Act and Department of Homeland Security regulations. 

Back To Top

Information-Sharing Partnerships

The PCII Program works with federal government partners to integrate PCII protections into data-collection processes. Examples of successful information-sharing partnerships within the Department include:

• Infrastructure Information Collection Division’s Constellation/Automated Critical Asset Management System (C/ACAMS)
• Protective Security Coordination Division’s Site Assistance Visits (SAVs) and Buffer Zone Protection Plans (BZPPs)
• National Cyber Security Division’s United States Computer Emergency Readiness Team (US-CERT) Secure Portal Submissions Capability

Back To Top

This page was last reviewed/modified on July 24, 2008.