You are here

Protected Critical Infrastructure Information (PCII) Program

Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information (CII) Act of 2002 to protect private sector infrastructure information voluntarily shared with the government for the purposes of homeland security. The Final Rule at 6 C.F.R. Part 29, published in the Federal Register on September 1, 2006, established uniform procedures on the receipt, validation, handling, storage, marking, and use of critical infrastructure information voluntarily submitted to the Department of Homeland Security (DHS).

The protections offered by the PCII Program enhance the voluntary sharing of critical infrastructure information between infrastructure owners and operators and the government by giving homeland security partners confidence that sharing their information with the government will not expose sensitive or proprietary data.

PCII Submitter Awareness Video

The PCII Submitter Awareness video provides greater detail on Critical Infrastructure Information (CII), and provides additional guidance on why it should be submitted to the PCII Program, and how someone would go about submitting CII for PCII protection.

The video also explains the benefits of the PCII Program, some of the procedural safeguards and training requirements used to ensure the appropriate handling of PCII, and explains how PCII is used by DHS to improve the Federal Government’s ability to work.

How Does the PCII Program Support Infrastructure Protection?

The PCII Program protects information from public disclosure while allowing the DHS and other federal, state, tribal, and local security analysts to use PCII to:

  • Analyze and secure critical infrastructure and protected systems.
  • Identify vulnerabilities and develop risk assessments.
  • Enhance recovery preparedness measures.

Learn more on how the PCII Program can enhance the security and resilience of critical infrastructure.

How Does PCII Protect My Information?

Critical infrastructure information voluntarily shared with the government and validated as PCII by DHS is protected from:

  • The Freedom of Information Act (FOIA)
  • State, local, tribal, and territorial disclosure laws
  • Use in regulatory actions
  • Use in civil litigation

PCII can only be accessed in accordance with strict safeguarding and handling requirements, and only trained and certified federal, state, and local government employees or contractors may access PCII. The PCII Program enforces these requirements through PCII Program Compliance Reviews. Learn more on how the PCII Program protects critical infrastructure information.

PCII Program - Rulemaking Update

After 10 years of operation, the PCII Program Office is looking to update the entire Final Rule to strengthen and align the language to support the evolving needs of the critical infrastructure community and the cyber landscape. On April 21, 2016, DHS released an Advanced Notice of Proposed Rulemaking (ANPRM) on the PCII Program, with a 90-day comment period to elicit any viewpoints, impacts, concerns, and benefits from possible revisions to the entire Final Rule. The comment period is now closed. The Department will utilize both the feedback and the PCII Program's knowledge to begin developing the Notice of Proposed Rulemaking (NPRM).

Important PCII Documents

Contact Information

To learn more about how the PCII Program can support your organization’s homeland security efforts, please contact

Download a printer-friendly fact sheet on the PCII Program.

Last Published Date: August 14, 2018

Was this page helpful?

This page was not helpful because the content:
Back to Top