The Protected Critical Infrastructure Information (PCII) Program enhances voluntary information sharing between infrastructure owners and operators and the government. The Department of Homeland Security (DHS) and other Federal, state, tribal, and local analysts use PCII to:
- Analyze and secure critical infrastructure and protected systems.
- Identify vulnerabilities and develop risk assessments.
- Enhance recovery preparedness measures.
How Does PCII Support Infrastructure Protection?
Information authorized as PCII provides a level of protection that facilitates DHS's ability to work directly with the infrastructure owners and operators to identify vulnerabilities, mitigation strategies, and protective measures. PCII increases the value of DHS vulnerability assessment programs and risk management tools such as:
- The Enhanced Critical Infrastructure Protection Security surveys
- Site Assistance Visits
- Computer-Based Assessment Tool
- Voluntary Chemical Assessment Tool
- The Automated Critical Asset Management System
These programs rely on PCII to protect the infrastructure and vulnerability data they collect from disclosure, which allows DHS the opportunity to use it to improve critical infrastructure protection and resilience.
How Does PCII Protect My Information?
If the information submitted satisfies the requirements of the Critical Infrastructure Information Act of 2002, it is protected from:
- The Freedom of Information Act (FOIA)
- State, tribal, and local disclosure laws
- Use in regulatory actions
- Use in civil litigation
PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. PCII can only be accessed in accordance with strict safeguarding and handling requirements. Only trained and certified Federal, State, and local government employees or contractors may access PCII.
PCII Program - Rulemaking Update:
After 10 years of operation, the PCII Program Office is looking to update the entire Final Rule to strengthen and align the language to support the evolving needs of the critical infrastructure community and the cyber landscape. On April 21, 2016, DHS released an Advanced Notice of Proposed Rulemaking (ANPRM) on the PCII Program, with a 90-day comment period to elicit any viewpoints, impacts, concerns, and benefits from possible revisions to the entire Final Rule.
- ANPRM on the PCII Program
- PCII ANPRM: Frequently Asked Questions
- PCII Program ANPRM - Federal Register