Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information (CII) Act of 2002 to protect private sector infrastructure information voluntarily shared with the government for the purposes of homeland security. The 6 Code of Federal Regulations (CFR) part 29, Procedures for Handling Protected Critical Infrastructure Information; Final Rule, published in the Federal Register on September 1, 2006, established uniform procedures on the receipt, validation, handling, storage, marking, and use of CII voluntarily submitted to the Department of Homeland Security (DHS).
The protections offered by the PCII Program enhance the voluntary sharing of CII between infrastructure owners and operators and the government. The PCII Program protections provide homeland security partners confidence that sharing their information with the government will not expose sensitive or proprietary data.
PCII Submitter Awareness Video
The PCII Submitter Awareness video explains the benefits of the PCII Program and provides detailed instruction and guidance on how to submit CII, to the PCII Program.
How Does the PCII Program Support Infrastructure Protection?
The PCII Program protects information from public disclosure while allowing the DHS and other federal, state, local, tribal, and territorial security analysts to use PCII to:
- Analyze and secure critical infrastructure and protected systems;
- Identify vulnerabilities and develop risk assessments; and
- Enhance recovery preparedness measures.
How Does PCII Protect My Information?
The CII Act of 2002 and its implementing rule, 6 CFR part 29, “Procedures for Handling Critical Infrastructure Information”; ensure the CII voluntarily shared with the government and validated as PCII by DHS is protected from:
- The Freedom of Information Act (FOIA);
- State, local, tribal, and territorial disclosure laws;
- Use in regulatory actions; and
- Use in civil litigation.
Access to PCII is authorized only to those federal, state, local, tribal and territorial government employees or government contracted personnel who are trained and certified in the strict safeguarding and handling requirements. Learn more on how the PCII Program protects critical infrastructure information.
PCII Program - Rulemaking Update
After 10 years of operation, the PCII Program Office is updating 6 CFR part 29, “Procedures for Handling Protected Critical Infrastructure Information”; Final Rule, to strengthen and align the language to support the evolving needs of the critical infrastructure community and the cyber landscape. On April 21, 2016, DHS released an Advanced Notice of Proposed Rulemaking (ANPRM) on the PCII Program, with a 90-day comment period to elicit any viewpoints, impacts, concerns, and benefits from possible revisions to the entire Final Rule. The comment period is now closed. The Department will utilize both the feedback and the PCII Program's knowledge to begin developing the Notice of Proposed Rulemaking (NPRM).
- ANPRM on the PCII Program
- PCII ANPRM: Frequently Asked Questions
- PCII Program ANPRM - Federal Register
Important PCII Documents
- PCII Program Fact Sheet
- Penalties for Violations of the PCII Program Fact Sheet
- PCII Program Procedures Manual
- PCII Work Products Guide (Appendix to PCII Procedures Manual explaining how to produce sanitized and derivative products)
- Critical Infrastructure Information Act of 2002
- 6 CFR part 29, “Procedures for Handling Critical Infrastructure Information”; Final Rule